Background: #e0e3f5
Background: #f7f7ff
Background: #fff
Foreground: #090d1e
Foreground: #000
PrimaryPale: #b9c2e8
PrimaryPale: #8cf
PrimaryLight: #7485d2
PrimaryLight: #18f
PrimaryMid: #384fb1
PrimaryMid: #04b			
/% PrimaryMid: LINK color %/
PrimaryDark: #0c1126
PrimaryDark_INI: #014
PrimaryDark_2020: #014
PrimaryDark: #014
SecondaryPale: #cbe8b9
SecondaryPale: #ffc
SecondaryLight: #98d274
SecondaryLight: #fe8
SecondaryMid: #67b138
SecondaryMid: #db4
SecondaryDark: #16260c
SecondaryDark: #841
TertiaryPale: #e8bab9		
/% TertiaryPale: TABLE Header %/
TertiaryPale: #eee
TertiaryLight: #d27574
TertiaryLight: #ccc
TertiaryMid: #b13a38
TertiaryMid_INI: #999
TertiaryMid_2021: #939597
TertiaryMid: #939597
TertiaryDark: #260c0c
TertiaryDark: #666
Error: #f88
<!--{{{-->
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel='stylesheet' href='font-awesome/css/fontawesome.min.css' />
<link rel='stylesheet' href='font-awesome/css/all.css' />

<!--}}}-->
— [[InterfaceOptions]] — [[AdvancedOptions]] —
<!--{{{-->
<div class='header' role='banner' macro='gradient horiz [[ColorPalette::PrimaryDark]] [[ColorPalette::PrimaryDark]] [[ColorPalette::PrimaryDark]] [[ColorPalette::PrimaryDark]] [[ColorPalette::PrimaryDark]] [[ColorPalette::PrimaryMid]] [[ColorPalette::PrimaryLight]] [[ColorPalette::PrimaryPale]] [[ColorPalette::Background]] [[ColorPalette::Background]]'>
<div class='headerShadow'>
<a href='https://CloudSecurityAlliance.fr/' target='_blank'><img src="iCSA/logoCSAFR.png" width="150px" align="right"></a>
</div>
<div class='headerForeground'>
<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;
<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>&nbsp;
</div>
</div>
<div id='mainMenu' role='navigation' refresh='content' tiddler='MainMenu'></div>
<div id='sidebar'>
<div id='sidebarOptions' role='navigation' refresh='content' tiddler='SideBarOptions'></div>
<div id='sidebarTabs' role='complementary' refresh='content' force='true' tiddler='SideBarTabs'></div>
</div>
<div id='displayArea' role='main'>
<div id='messageArea' class='messageArea'></div>
<div style="text-align:center"><span class='HeaderMenu' refresh='content' tiddler='HeaderMenu'></span></div>
<div id='tiddlerDisplay'></div>
<div style="text-align:center"><span class='FooterNews' refresh='content' tiddler='FooterDisclaimer'></span></div>
</div>
<!--}}}-->
/*{{{*/
body {background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]];}
a {color:[[ColorPalette::PrimaryMid]];}
a:hover {background-color:[[ColorPalette::PrimaryMid]]; color:[[ColorPalette::Background]];}
a img {border:0;}
h1,h2,h3,h4,h5,h6 {color:[[ColorPalette::SecondaryDark]]; background:transparent;}
h1 {border-bottom:2px solid [[ColorPalette::TertiaryLight]];}
h2,h3 {border-bottom:1px solid [[ColorPalette::TertiaryLight]];}
.button {color:[[ColorPalette::PrimaryDark]]; border:1px solid [[ColorPalette::Background]];}
.button:hover {color:[[ColorPalette::PrimaryDark]]; background:[[ColorPalette::SecondaryLight]]; border-color:[[ColorPalette::SecondaryMid]];}
.button:active {color:[[ColorPalette::Background]]; background:[[ColorPalette::SecondaryMid]]; border:1px solid [[ColorPalette::SecondaryDark]];}
.header {background:[[ColorPalette::PrimaryMid]];}
.headerShadow {color:[[ColorPalette::Foreground]];}
.headerShadow a {font-weight:normal; color:[[ColorPalette::Foreground]];}
.headerForeground {color:[[ColorPalette::Background]];}
.headerForeground a {font-weight:normal; color:[[ColorPalette::PrimaryPale]];}
.tabSelected {color:[[ColorPalette::PrimaryDark]];
 background:[[ColorPalette::TertiaryPale]];
 border-left:1px solid [[ColorPalette::TertiaryLight]];
 border-top:1px solid [[ColorPalette::TertiaryLight]];
 border-right:1px solid [[ColorPalette::TertiaryLight]];
}
.tabUnselected {color:[[ColorPalette::Background]]; background:[[ColorPalette::TertiaryMid]];}
.tabContents {color:[[ColorPalette::PrimaryDark]]; background:[[ColorPalette::TertiaryPale]]; border:1px solid [[ColorPalette::TertiaryLight]];}
.tabContents .button {border:0;}
#sidebar { display: none; }
/* #sidebar {} */
#sidebarOptions input {border:1px solid [[ColorPalette::PrimaryMid]];}
#sidebarOptions .sliderPanel {background:[[ColorPalette::PrimaryPale]];}
#sidebarOptions .sliderPanel a {border:none;color:[[ColorPalette::PrimaryMid]];}
#sidebarOptions .sliderPanel a:hover {color:[[ColorPalette::Background]]; background:[[ColorPalette::PrimaryMid]];}
#sidebarOptions .sliderPanel a:active {color:[[ColorPalette::PrimaryMid]]; background:[[ColorPalette::Background]];}
.wizard { background:[[ColorPalette::PrimaryPale]]; }
.wizard__title { color:[[ColorPalette::PrimaryDark]]; border:none; }
.wizard__subtitle { color:[[ColorPalette::Foreground]]; border:none; }
.wizardStep { background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]]; }
.wizardStep.wizardStepDone {background:[[ColorPalette::TertiaryLight]];}
.wizardFooter {background:[[ColorPalette::PrimaryPale]];}
.wizardFooter .status {background:[[ColorPalette::PrimaryDark]]; color:[[ColorPalette::Background]];}
.wizard .button {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::SecondaryLight]]; border: 1px solid;
 border-color:[[ColorPalette::SecondaryPale]] [[ColorPalette::SecondaryDark]] [[ColorPalette::SecondaryDark]] [[ColorPalette::SecondaryPale]];}
.wizard .button:hover {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::Background]];}
.wizard .button:active {color:[[ColorPalette::Background]]; background:[[ColorPalette::Foreground]]; border: 1px solid;
 border-color:[[ColorPalette::PrimaryDark]] [[ColorPalette::PrimaryPale]] [[ColorPalette::PrimaryPale]] [[ColorPalette::PrimaryDark]];}
.wizard .notChanged {background:transparent;}
.wizard .changedLocally {background:#80ff80;}
.wizard .changedServer {background:#8080ff;}
.wizard .changedBoth {background:#ff8080;}
.wizard .notFound {background:#ffff80;}
.wizard .putToServer {background:#ff80ff;}
.wizard .gotFromServer {background:#80ffff;}
.messageArea { border:2px solid [[ColorPalette::Background]]; background:[[ColorPalette::PrimaryMid]]; color:[[ColorPalette::Background]]; }
.messageToolbar__button { color:[[ColorPalette::PrimaryMid]]; background:[[ColorPalette::SecondaryPale]]; border:none; }
.messageToolbar__button_withIcon { background:inherit; }
.messageToolbar__button_withIcon:active { background:inherit; border:none; }
.messageToolbar__icon { fill:[[ColorPalette::TertiaryDark]]; }
.messageToolbar__icon:hover { fill:[[ColorPalette::Foreground]]; }
.popupTiddler {background:[[ColorPalette::TertiaryPale]]; border:2px solid [[ColorPalette::TertiaryMid]];}
.popup {background:[[ColorPalette::TertiaryPale]]; color:[[ColorPalette::TertiaryDark]]; border-left:1px solid [[ColorPalette::TertiaryMid]]; border-top:1px solid [[ColorPalette::TertiaryMid]]; border-right:2px solid [[ColorPalette::TertiaryDark]]; border-bottom:2px solid [[ColorPalette::TertiaryDark]]; }
.popup hr {color:[[ColorPalette::PrimaryDark]]; background:[[ColorPalette::PrimaryDark]]; border-bottom:1px;}
.popup li.disabled {color:[[ColorPalette::TertiaryMid]];}
.popup li a, .popup li a:visited {color:[[ColorPalette::Foreground]]; border: none;}
.popup li a:hover {background:[[ColorPalette::SecondaryLight]]; color:[[ColorPalette::Foreground]]; border: none;}
.popup li a:active {background:[[ColorPalette::SecondaryPale]]; color:[[ColorPalette::Foreground]]; border: none;}
.popupHighlight {background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]];}
.listBreak div {border-bottom:1px solid [[ColorPalette::TertiaryDark]];}
.tiddler .defaultCommand {font-weight:bold;}
.shadow .title {color:[[ColorPalette::TertiaryDark]];}
.title {color:[[ColorPalette::SecondaryDark]];}
.subtitle {color:[[ColorPalette::TertiaryDark]];}
.toolbar {color:[[ColorPalette::PrimaryMid]];}
.toolbar a {color:[[ColorPalette::TertiaryLight]];}
.selected .toolbar a {color:[[ColorPalette::TertiaryMid]];}
.selected .toolbar a:hover {color:[[ColorPalette::Foreground]];}
.tagging, .tagged {border:1px solid [[ColorPalette::TertiaryPale]]; background-color:[[ColorPalette::TertiaryPale]];}
.selected .tagging, .selected .tagged {background-color:[[ColorPalette::TertiaryLight]]; border:1px solid [[ColorPalette::TertiaryMid]];}
.tagging .listTitle, .tagged .listTitle {color:[[ColorPalette::PrimaryDark]];}
.tagging .button, .tagged .button {border:none;}
.footer {color:[[ColorPalette::TertiaryLight]];}
.selected .footer {color:[[ColorPalette::TertiaryMid]];}
.error, .errorButton {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::Error]];}
.warning {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::SecondaryPale]];}
.lowlight {background:[[ColorPalette::TertiaryLight]];}
.zoomer {background:none; color:[[ColorPalette::TertiaryMid]]; border:3px solid [[ColorPalette::TertiaryMid]];}
.imageLink, #displayArea .imageLink {background:transparent;}
.annotation {background:[[ColorPalette::SecondaryLight]]; color:[[ColorPalette::Foreground]]; border:2px solid [[ColorPalette::SecondaryMid]];}
.viewer .listTitle {list-style-type:none; margin-left:-2em;}
.viewer .button {border:1px solid [[ColorPalette::SecondaryMid]];}
.viewer blockquote {border-left:3px solid [[ColorPalette::TertiaryDark]];}
.viewer table, table.twtable {border:2px solid [[ColorPalette::TertiaryDark]];}
.viewer th, .viewer thead td, .twtable th, .twtable thead td {background:[[ColorPalette::SecondaryMid]]; border:1px solid [[ColorPalette::TertiaryDark]]; color:[[ColorPalette::Background]];}
.viewer td, .viewer tr, .twtable td, .twtable tr {border:1px solid [[ColorPalette::TertiaryDark]];}
.viewer pre {border:1px solid [[ColorPalette::SecondaryLight]]; background:[[ColorPalette::SecondaryPale]];}
.viewer code {color:[[ColorPalette::SecondaryDark]];}
.viewer hr {border:0; border-top:dashed 1px [[ColorPalette::TertiaryDark]]; color:[[ColorPalette::TertiaryDark]];}
.highlight, .marked {background:[[ColorPalette::SecondaryLight]];}
.editor input {border:1px solid [[ColorPalette::PrimaryMid]];}
.editor textarea {border:1px solid [[ColorPalette::PrimaryMid]]; width:100%;}
.editorFooter {color:[[ColorPalette::TertiaryMid]];}
.readOnly {background:[[ColorPalette::TertiaryPale]];}
#backstageArea {background:[[ColorPalette::Foreground]]; color:[[ColorPalette::TertiaryMid]];}
#backstageArea a {background:[[ColorPalette::Foreground]]; color:[[ColorPalette::Background]]; border:none;}
#backstageArea a:hover {background:[[ColorPalette::SecondaryLight]]; color:[[ColorPalette::Foreground]]; }
#backstageArea a.backstageSelTab {background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]];}
#backstageButton a {background:none; color:[[ColorPalette::Background]]; border:none;}
#backstageButton a:hover {background:[[ColorPalette::Foreground]]; color:[[ColorPalette::Background]]; border:none;}
#backstagePanel {background:[[ColorPalette::Background]]; border-color: [[ColorPalette::Background]] [[ColorPalette::TertiaryDark]] [[ColorPalette::TertiaryDark]] [[ColorPalette::TertiaryDark]];}
.backstagePanelFooter .button {border:none; color:[[ColorPalette::Background]];}
.backstagePanelFooter .button:hover {color:[[ColorPalette::Foreground]];}
#backstageCloak {background:[[ColorPalette::Foreground]]; opacity:0.6; filter:alpha(opacity=60);}
/*}}}*/
/*{{{*/
* html .tiddler {height:1%;}
/* font-size:.75em; */
body {font-size:1em; font-family:arial,helveticahelvetica; margin:0; padding:0;}
h1,h2,h3,h4,h5,h6 {font-weight:bold; text-decoration:none;}
h1,h2,h3 {padding-bottom:1px; margin-top:1.2em;margin-bottom:0.3em;}
h4,h5,h6 {margin-top:1em;}
h1 {font-size:1.35em;}
h2 {font-size:1.25em;}
h3 {font-size:1.1em;}
h4 {font-size:1em;}
h5 {font-size:1em;}
hr {height:1px;}
a {text-decoration:none;}
dt {font-weight:bold;}
ol {list-style-type:decimal;}
ol ol {list-style-type:lower-alpha;}
ol ol ol {list-style-type:lower-roman;}
ol ol ol ol {list-style-type:decimal;}
ol ol ol ol ol {list-style-type:lower-alpha;}
ol ol ol ol ol ol {list-style-type:lower-roman;}
ol ol ol ol ol ol ol {list-style-type:decimal;}
.txtOptionInput {width:10em;}
#contentWrapper .chkOptionInput {border:0;}
.externalLink {text-decoration:underline;}
.indent {margin-left:3em;}
.outdent {margin-left:3em; text-indent:-3em;}
code.escaped {white-space:nowrap;}
.tiddlyLinkExisting {font-weight:bold;}
.tiddlyLinkNonExisting {font-style:italic;}
/* the 'a' is required for IE, otherwise it renders the whole tiddler in bold */
a.tiddlyLinkNonExisting.shadow {font-weight:bold;}
#mainMenu .tiddlyLinkExisting,
#mainMenu .tiddlyLinkNonExisting,
#sidebarTabs .tiddlyLinkNonExisting {font-weight:normal; font-style:normal;}
#sidebarTabs .tiddlyLinkExisting {font-weight:bold; font-style:normal;}
.header {position:relative;}
.header a:hover {background:transparent;}
.headerShadow {position:relative; padding:4.5em 0 1em 1em; left:-1px; top:-1px;}
.headerForeground {position:absolute; padding:4.5em 0 1em 1em; left:0; top:0;}
.siteTitle {font-size:3em;font-style:italic;}
.siteSubtitle {font-size:1.5em;}
#mainMenu {position:absolute; left:0; width:10em; text-align:right; line-height:1.6em; padding:1.5em 0.5em 0.5em 0.5em; font-size:1.1em;}
#sidebar { display: none; }
/* #sidebar {position:absolute; right:3px; width:16em; font-size:.9em;} */
#sidebarOptions {padding-top:0.3em;}
#sidebarOptions a {margin:0 0.2em; padding:0.2em 0.3em; display:block;}
#sidebarOptions input {margin:0.4em 0.5em;}
#sidebarOptions .sliderPanel {margin-left:1em; padding:0.5em; font-size:.85em;}
#sidebarOptions .sliderPanel a {font-weight:bold; display:inline; padding:0;}
#sidebarOptions .sliderPanel input {margin:0 0 0.3em 0;}
#sidebarTabs .button { margin:0em 0.2em; padding:0.2em 0.3em; display:block; }
#sidebarTabs .tabContents {width:15em; overflow:hidden;}
.wizard { padding:0.1em 2em 0; }
.wizard__title { font-size:2em; }
.wizard__subtitle { font-size:1.2em; }
.wizard__title, .wizard__subtitle { font-weight:bold; background:none; padding:0; margin:0.4em 0 0.2em; }
.wizardStep { padding:1em; }
.wizardFooter { padding:0.8em 0.4em 0.8em 0; }
.wizardFooter .status { padding:0.2em 0.7em; margin-left:0.3em; }
.wizardFooter .button { margin:0.5em 0 0; font-size:1.2em; padding:0.2em 0.5em; }
.messageArea { position:fixed; top:0; right:20em; margin:0.5em; padding:0.7em 1em; z-index:2000; }
.messageToolbar { text-align:right; padding:0.2em 0; }
.messageToolbar__button { text-decoration:underline; }
.messageToolbar__icon { height: 1em; }
.messageArea__text a { text-decoration:underline; }
.tiddlerPopupButton {padding:0.2em;}
.popupTiddler {position: absolute; z-index:300; padding:1em; margin:0;}
.popup {position:absolute; z-index:300; font-size:.9em; padding:0.3em 0; list-style:none; margin:0; padding: 0.3em 0; border: none; box-shadow: 1px 2px 5px [[ColorPalette::TertiaryMid]];}
.popup .popupMessage {padding:0.4em;}
.popup hr {display:block; height:1px; width:auto; padding:0; margin:0.2em 0;}
.popup li.disabled {padding:0.4em;}
.popup li a {display:block; padding: 0.5em 0.5em; font-weight:normal; cursor:pointer;}
.listBreak {font-size:1px; line-height:1px;}
.listBreak div {margin:2px 0;}
.tabset {padding:1em 0 0 0.5em;}
.tab {margin:0 0 0 0.25em; padding:2px;}
.tabContents {padding:0.5em;}
.tabContents ul, .tabContents ol {margin:0; padding:0;}
.txtMainTab .tabContents li {list-style:none;}
.tabContents li.listLink { margin-left:.75em;}
#contentWrapper {display:block;}
#splashScreen {display:none;}
/* 0C wide displayArea top(1)/right(17)/bottom(0)/left(14) */
#displayArea {margin:0 0 0 10em;}
.toolbar {text-align:right; font-size:.9em;}
.tiddler {padding:1em 1em 0;}
.missing .viewer,.missing .title {font-style:italic;}
.title {font-size:1.6em; font-weight:bold;}
.missing .subtitle {display:none;}
.subtitle {font-size:1.1em;}
.tiddler .button {padding:0.2em 0.4em;}
.tagging {margin:0.5em 0.5em 0.5em 0; float:left; display:none;}
.isTag .tagging {display:block;}
.tagged {margin:0.5em; float:right;}
.tagging, .tagged {font-size:0.9em; padding:0.25em;}
.tagging ul, .tagged ul {list-style:none; margin:0.25em; padding:0;}
.tagClear {clear:both;}
.footer {font-size:.9em;}
.footer li {display:inline;}
.annotation {padding:0.5em; margin:0.5em;}
* html .viewer pre {width:99%; padding:0 0 1em 0;}
.viewer {line-height:1.4em; padding-top:0.5em;}
.viewer .button {margin:0 0.25em; padding:0 0.25em;}
.viewer blockquote {line-height:1.5em; padding-left:0.8em;margin-left:2.5em;}
.viewer ul, .viewer ol {margin-left:0.5em; padding-left:1.5em;}
.viewer table, table.twtable {border-collapse:collapse; margin:0.8em 1.0em;}
.viewer th, .viewer td, .viewer tr,.viewer caption,.twtable th, .twtable td, .twtable tr,.twtable caption {padding:3px;}
table.listView {font-size:0.85em; margin:0.8em 1.0em;}
table.listView th, table.listView td, table.listView tr {padding:0 3px 0 3px;}
.viewer pre {padding:0.5em; margin-left:0.5em; font-size:1.2em; line-height:1.4em; overflow:auto;}
.viewer code {font-size:1.2em; line-height:1.4em;}
.editor {font-size:1.1em;}
.editor input, .editor textarea {display:block; width:100%; box-sizing: border-box; font:inherit;}
.editorFooter {padding:0.25em 0; font-size:.9em;}
.editorFooter .button {padding-top:0; padding-bottom:0;}
.fieldsetFix {border:0; padding:0; margin:1px 0px;}
.zoomer {font-size:1.1em; position:absolute; overflow:hidden;}
.zoomer div {padding:1em;}
* html #backstage {width:99%;}
* html #backstageArea {width:99%;}
#backstageArea {display:none; position:relative; overflow: hidden; z-index:150; padding:0.3em 0.5em;}
#backstageToolbar {position:relative;}
#backstageArea a {font-weight:bold; margin-left:0.5em; padding:0.3em 0.5em;}
#backstageButton {display:none; position:absolute; z-index:175; top:0; right:0;}
#backstageButton a {padding:0.1em 0.4em; margin:0.1em;}
#backstage {position:relative; width:100%; z-index:50;}
#backstagePanel { display:none; z-index:100; position:absolute; width:90%; margin-left:3em; }
.backstagePanelFooter {padding-top:0.2em; float:right;}
.backstagePanelFooter a {padding:0.2em 0.4em;}
#backstageCloak {display:none; z-index:20; position:absolute; width:100%; height:100px;}
.whenBackstage {display:none;}
.backstageVisible .whenBackstage {display:block;}
/*}}}*/
/*{{{*/
body {font-size:1em;}
#sidebarOptions {font-size:1.05em;}
#sidebarOptions a {font-style:normal;}
#sidebarOptions .sliderPanel {font-size:0.95em;}
.subtitle {font-size:0.8em;}
.viewer table.listView {font-size:0.95em;}
/*}}}*/
/*{{{*/
@media print {
#mainMenu, #sidebar, .messageArea, .toolbar, #backstageButton, #backstageArea {display: none !important;}
#displayArea { margin-right: 0; }
/* #displayArea {margin: 1em 1em 0em;} */
noscript {display:none;}
}
/*}}}*/
<!--{{{-->
<div class='toolbar' role='navigation' macro='toolbar [[ToolbarCommands::ViewToolbar]]'></div>
<div class='title' macro='view title'></div>
<div class='viewer' macro='view text wikified'></div>
<div class='tagClear'></div>
<!--}}}-->
/% |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|
!show
<<tiddler {{
 var co=config.options;
 if (co.chkShowLeftSidebar===undefined) co.chkShowLeftSidebar=true;
 var mm=document.getElementById('mainMenu');
 var da=document.getElementById('displayArea');
 if (mm) {
 mm.style.display=co.chkShowLeftSidebar?'block':'none';
 da.style.marginLeft=co.chkShowLeftSidebar?'':'1em';
 }
'';}}>><html><nowiki><a href='javascript:;' title="$2"
onmouseover="
 this.href='javascript:void(eval(decodeURIComponent(%22(function(){try{('
 +encodeURIComponent(encodeURIComponent(this.onclick))
 +')()}catch(e){alert(e.description?e.description:e.toString())}})()%22)))';"
onclick="
 var co=config.options;
 var opt='chkShowLeftSidebar';
 var show=co[opt]=!co[opt];
 var mm=document.getElementById('mainMenu');
 var da=document.getElementById('displayArea');
 if (mm) {
 mm.style.display=show?'block':'none';
 da.style.marginLeft=show?'':'1em';
 }
 saveOptionCookie(opt);
 var labelShow=co.txtToggleLeftSideBarLabelShow||'&#x25BA;';
 var labelHide=co.txtToggleLeftSideBarLabelHide||'&#x25C4;';
 if (this.innerHTML==labelShow||this.innerHTML==labelHide)
 this.innerHTML=show?labelHide:labelShow;
 this.title=(show?'masquer':'montrer')+' le menu à gauche';
 var sm=document.getElementById('storyMenu');
 if (sm) config.refreshers.content(sm);
 return false;
">$1</a></html>
!end
%/<<tiddler {{
 var src='.ToggleLeftSidebar';
 src+(tiddler&&tiddler.title==src?'##info':'##show');
}} with: {{
 var co=config.options;
 var labelShow=co.txtToggleLeftSideBarLabelShow||'&#x25BA;&#x25C1;'; /%0C%/
 var labelHide=co.txtToggleLeftSideBarLabelHide||'&#x25C4;&#x25B7;'; /%0C%/
 '$1'!='$'+'1'?'$1':(co.chkShowLeftSidebar?labelHide:labelShow);
}} {{
 var tip=(config.options.chkShowLeftSidebar?'cacher':'montrer')+' le menu gauche'; /%0C%/
 '$2'!='$'+'2'?'$2':tip;
}}>>
/% |Author|Eric Shulman|License|https://www.TiddlyTools.com/#LegalStatements|
%/<html><nowiki><a href="javascript:;" title="masquer/montrer l'en-tête" /%0C%/
onmouseover="
 this.href='javascript:void(eval(decodeURIComponent(%22(function(){try{('
 +encodeURIComponent(encodeURIComponent(this.onclick))
 +')()}catch(e){alert(e.description?e.description:e.toString())}})()%22)))';"
onclick="
 var c=document.getElementById('contentWrapper'); if (!c) return;
 for (var i=0; i<c.childNodes.length; i++)
 if (hasClass(c.childNodes[i],'header')) { var h=c.childNodes[i]; break; }
 if (!h) return;
 config.options.chkHideSiteTitles=h.style.display!='none';
 h.style.display=config.options.chkHideSiteTitles?'none':'block';
 saveOptionCookie('chkHideSiteTitles');
 return false;
">&#x25b3;&#x25bc;</a></html>
/* |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|
*/
//{{{
version.extensions.BreadcrumbsPlugin= {major: 2, minor: 1, revision: 4, date: new Date(2011,2,16)};
var defaults={
 chkShowBreadcrumbs: true,
 chkReorderBreadcrumbs: true,
 chkCreateDefaultBreadcrumbs: true,
 chkShowStartupBreadcrumbs: false,
 chkBreadcrumbsReverse: false,
 chkBreadcrumbsLimit: false,
 txtBreadcrumbsLimit: 5,
 chkBreadcrumbsLimitOpenTiddlers:false,
 txtBreadcrumbsLimitOpenTiddlers:3,
 chkBreadcrumbsHideHomeLink: false,
 chkBreadcrumbsSave: false,
 txtBreadcrumbsHomeSeparator: ' | ',
 txtBreadcrumbsCrumbSeparator: ' > '
};
for (var id in defaults) if (config.options[id]===undefined)
 config.options[id]=defaults[id];
config.macros.breadcrumbs = {
 crumbs: [], // the list of current breadcrumbs
 askMsg: "Save current breadcrumbs before clearing?\n"
 +"Press OK to save, or CANCEL to continue without saving.",
 saveMsg: 'Enter the name of a tiddler in which to save the current breadcrumbs',
 saveTitle: 'SavedBreadcrumbs',
 handler: function(place,macroName,params,wikifier,paramString,tiddler) {
 var area=createTiddlyElement(place,"span",null,"breadCrumbs",null);
 area.setAttribute("homeSep",params[0]||config.options.txtBreadcrumbsHomeSeparator);
 area.setAttribute("crumbSep",params[1]||config.options.txtBreadcrumbsCrumbSeparator);
 this.render(area);
 },
 add: function (title) {
 var thisCrumb = title;
 var ind = this.crumbs.indexOf(thisCrumb);
 if(ind === -1)
 this.crumbs.push(thisCrumb);
 else if (config.options.chkReorderBreadcrumbs)
 this.crumbs.push(this.crumbs.splice(ind,1)[0]); // reorder crumbs
 else
 this.crumbs=this.crumbs.slice(0,ind+1); // trim crumbs
 if (config.options.chkBreadcrumbsLimitOpenTiddlers)
 this.limitOpenTiddlers();
 this.refresh();
 return false;
 },
 getAreas: function() {
 var crumbAreas=[];
 // find all DIVs with classname=="breadCrumbs"
 var all=document.getElementsByTagName("*");
 for (var i=0; i<all.length; i++)
 try{ if (hasClass(all[i],"breadCrumbs")) crumbAreas.push(all[i]); } catch(e) {;}
 // or, find single DIV w/fixed ID (backward compatibility)
 var byID=document.getElementById("breadCrumbs")
 if (byID && !hasClass(byID,"breadCrumbs")) crumbAreas.push(byID);
 if (!crumbAreas.length && config.options.chkCreateDefaultBreadcrumbs) {
 // no crumbs display... create one
 var defaultArea = createTiddlyElement(null,"span",null,"breadCrumbs",null);
 defaultArea.style.display= "none";
 var targetArea= document.getElementById("tiddlerDisplay");
 targetArea.parentNode.insertBefore(defaultArea,targetArea);
 crumbAreas.push(defaultArea);
 }
 return crumbAreas;
 },
 refresh: function() {
 var crumbAreas=this.getAreas();
 for (var i=0; i<crumbAreas.length; i++) {
 crumbAreas[i].style.display = config.options.chkShowBreadcrumbs?"inline":"none";
 removeChildren(crumbAreas[i]);
 this.render(crumbAreas[i]);
 }
 },
 render: function(here) {
 var co=config.options; var out=""
 if (!co.chkBreadcrumbsHideHomeLink) {
 createTiddlyButton(here,"Accueil",null,this.home,"tiddlyLink tiddlyLinkExisting");
 out+=here.getAttribute("homeSep")||config.options.txtBreadcrumbsHomeSeparator;
 }
 for (c=0; c<this.crumbs.length; c++) // remove non-existing tiddlers from crumbs
 if (!store.tiddlerExists(this.crumbs[c]) && !store.isShadowTiddler(this.crumbs[c]))
 this.crumbs.splice(c,1);
 var count=this.crumbs.length;
 if (co.chkBreadcrumbsLimit && co.txtBreadcrumbsLimit<count) count=co.txtBreadcrumbsLimit;
 var list=[];
 for (c=this.crumbs.length-count; c<this.crumbs.length; c++) list.push('[['+this.crumbs[c]+']]');
 if (co.chkBreadcrumbsReverse) list.reverse();
 out+=list.join(here.getAttribute("crumbSep")||config.options.txtBreadcrumbsCrumbSeparator);
 wikify(out,here);
 },
 home: function() {
 var cmb=config.macros.breadcrumbs;
 if (config.options.chkBreadcrumbsSave && confirm(cmb.askMsg)) cmb.saveCrumbs();
 story.closeAllTiddlers(); restart();
 cmb.crumbs = []; var crumbAreas=cmb.getAreas();
 for (var i=0; i<crumbAreas.length; i++) crumbAreas[i].style.display = "none";
 return false;
 },
 saveCrumbs: function() {
 var tid=prompt(this.saveMsg,this.saveTitle); if (!tid||!tid.length) return; // cancelled by user
 var t=store.getTiddler(tid);
 if(t && !confirm(config.messages.overwriteWarning.format([tid]))) return;
 var who=config.options.txtUserName;
 var when=new Date();
 var text='[['+this.crumbs.join(']]\n[[')+']]';
 var tags=t?t.tags:[]; tags.pushUnique('story');
 var fields=t?t.fields:{};
 store.saveTiddler(tid,tid,text,who,when,tags,fields);
 story.displayTiddler(null,tid);
 story.refreshTiddler(tid,null,true);
 displayMessage(tid+' has been '+(t?'updated':'created'));
 },
 limitOpenTiddlers: function() {
 var limit=config.options.txtBreadcrumbsLimitOpenTiddlers; if (limit<1) limit=1;
 for (c=this.crumbs.length-1; c>=0; c--) {
 var tid=this.crumbs[c];
 var elem=story.getTiddler(tid);
 if (elem) { // tiddler is displayed
 if (limit <=0) { // display limit has been reached
 if (elem.getAttribute("dirty")=="true") { // tiddler is being edited
 var msg= "'"+tid+"' is currently being edited.\n\n"
 +"Press OK to save and close this tiddler\n"
 +"or press Cancel to leave it opened";
 if (confirm(msg)) {
 story.closeTiddler(tid);
 }
 }
 else story.closeTiddler(this.crumbs[c]);
 }
 limit--;
 }
 }
 }
};
//}}}
// // PreviousTiddler ('back') command and macro
//{{{
config.commands.previousTiddler = {
 text: 'back',
 tooltip: 'view the previous tiddler',
 handler: function(event,src,title) {
 var crumbs=config.macros.breadcrumbs.crumbs;
 if (crumbs.length<2) config.macros.breadcrumbs.home();
 else story.displayTiddler(story.findContainingTiddler(src),crumbs[crumbs.length-2]);
 return false;
 }
};
config.macros.previousTiddler= {
 label: 'back',
 prompt: 'view the previous tiddler',
 handler: function(place,macroName,params,wikifier,paramString,tiddler) {
 var label=params.shift(); if (!label) label=this.label;
 var prompt=params.shift(); if (!prompt) prompt=this.prompt;
 createTiddlyButton(place,label,prompt,function(ev){
 return config.commands.previousTiddler.handler(ev,this)
 });
 }
}//}}}
// // HIJACKS
//{{{
// update crumbs when a tiddler is displayed
if (Story.prototype.breadCrumbs_coreDisplayTiddler==undefined)
 Story.prototype.breadCrumbs_coreDisplayTiddler=Story.prototype.displayTiddler;
Story.prototype.displayTiddler = function(srcElement,tiddler) {
 var title=(tiddler instanceof Tiddler)?tiddler.title:tiddler;
 this.breadCrumbs_coreDisplayTiddler.apply(this,arguments);
 if (!startingUp || config.options.chkShowStartupBreadcrumbs)
 config.macros.breadcrumbs.add(title);
}
// update crumbs when a tiddler is deleted
if (TiddlyWiki.prototype.breadCrumbs_coreRemoveTiddler==undefined)
 TiddlyWiki.prototype.breadCrumbs_coreRemoveTiddler=TiddlyWiki.prototype.removeTiddler;
TiddlyWiki.prototype.removeTiddler= function() {
 this.breadCrumbs_coreRemoveTiddler.apply(this,arguments);
 config.macros.breadcrumbs.refresh();
}
//}}}
/* |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|
!Configuration
<<<
<<option chkDisableWikiLinks>> Disable ALL automatic WikiWord tiddler links
<<option chkAllowLinksFromShadowTiddlers>> ... except for WikiWords //contained in// shadow tiddlers
<<option chkDisableNonExistingWikiLinks>> Disable automatic WikiWord links for non-existing tiddlers
Disable automatic WikiWord links for words listed in: <<option txtDisableWikiLinksList>>
Disable automatic WikiWord links for tiddlers tagged with: <<option txtDisableWikiLinksTag>>
<<<
!Code
*/
//{{{
version.extensions.DisableWikiLinksPlugin= {major: 1, minor: 6, revision: 0, date: new Date(2008,7,22)};
if (config.options.chkDisableNonExistingWikiLinks==undefined) config.options.chkDisableNonExistingWikiLinks= false;
if (config.options.chkDisableWikiLinks==undefined) config.options.chkDisableWikiLinks=false;
if (config.options.txtDisableWikiLinksList==undefined) config.options.txtDisableWikiLinksList="DisableWikiLinksList";
if (config.options.chkAllowLinksFromShadowTiddlers==undefined) config.options.chkAllowLinksFromShadowTiddlers=true;
if (config.options.txtDisableWikiLinksTag==undefined) config.options.txtDisableWikiLinksTag="excludeWikiWords";
// find the formatter for wikiLink and replace handler with 'pass-thru' rendering
initDisableWikiLinksFormatter();
function initDisableWikiLinksFormatter() {
 for (var i=0; i<config.formatters.length && config.formatters[i].name!="wikiLink"; i++);
 config.formatters[i].coreHandler=config.formatters[i].handler;
 config.formatters[i].handler=function(w) {
  // supress any leading "~" (if present)
  var skip=(w.matchText.substr(0,1)==config.textPrimitives.unWikiLink)?1:0;
  var title=w.matchText.substr(skip);
  var exists=store.tiddlerExists(title);
  var inShadow=w.tiddler && store.isShadowTiddler(w.tiddler.title);
  // check for excluded Tiddler
  if (w.tiddler && w.tiddler.isTagged(config.options.txtDisableWikiLinksTag))
   { w.outputText(w.output,w.matchStart+skip,w.nextMatch); return; }
  // check for specific excluded wiki words
  var t=store.getTiddlerText(config.options.txtDisableWikiLinksList);
  if (t && t.length && t.indexOf(w.matchText)!=-1)
   { w.outputText(w.output,w.matchStart+skip,w.nextMatch); return; }
  // if not disabling links from shadows (default setting)
  if (config.options.chkAllowLinksFromShadowTiddlers && inShadow)
   return this.coreHandler(w);
  // check for non-existing non-shadow tiddler
  if (config.options.chkDisableNonExistingWikiLinks && !exists)
   { w.outputText(w.output,w.matchStart+skip,w.nextMatch); return; }
  // if not enabled, just do standard WikiWord link formatting
  if (!config.options.chkDisableWikiLinks)
   return this.coreHandler(w);
  // just return text without linking
  w.outputText(w.output,w.matchStart+skip,w.nextMatch)
 }
}
Tiddler.prototype.coreAutoLinkWikiWords = Tiddler.prototype.autoLinkWikiWords;
Tiddler.prototype.autoLinkWikiWords = function()
{
 if (!config.options.chkDisableWikiLinks)
  return this.coreAutoLinkWikiWords.apply(this,arguments);
 return false;
}
Tiddler.prototype.disableWikiLinks_changed = Tiddler.prototype.changed;
Tiddler.prototype.changed = function()
{
 this.disableWikiLinks_changed.apply(this,arguments);
 var t=store.getTiddlerText(config.options.txtDisableWikiLinksList,"").readBracketedList();
 if (t.length) for (var i=0; i<t.length; i++)
  if (this.links.contains(t[i]))
   this.links.splice(this.links.indexOf(t[i]),1);
};
//}}}
/* |Author|Yakov Litvin|Forked from|[[abego.ForEachTiddlerPlugin|http://tiddlywiki.abego-software.de/#ForEachTiddlerPlugin]], by Udo Borkowski| */
//{{{
(function(){
// Only install once
if (version.extensions.ForEachTiddlerPlugin) {
 alert("Warning: more than one copy of ForEachTiddlerPlugin is set to be launched");
 return;
} else
 version.extensions.ForEachTiddlerPlugin = {
  source: "[repository url here]",
  licence: "[licence url here]",
  copyright: "Copyright (c) Yakov Litvin, 2012 [url of the meta page]"
 };
config.macros.forEachTiddler = {
 actions: {
  addToList: {},
  write: {}
 }
};
config.macros.forEachTiddler.handler = function(place,macroName,params,wikifier,paramString,tiddler) {
 var parsedParams = this.parseParams(params);
 if (parsedParams.errorText) {
  this.handleError(place, parsedParams.errorText);
  return;
 }//else
  parsedParams.place = place;
  parsedParams.inTiddler = tiddler? tiddler : getContainingTiddler(place);
 parsedParams.actionName = parsedParams.actionName ? parsedParams.actionName : "addToList";
 var actionName = parsedParams.actionName;
 var action = this.actions[actionName];
 if (!action) {
  this.handleError(place, "Unknown action '"+actionName+"'.");
  return;
 }
 var element = document.createElement(action.element);
 jQuery(element).attr({ refresh: "macro", macroName: macroName }).data(parsedParams);
 place.appendChild(element);
 this.refresh(element);
};
config.macros.forEachTiddler.refresh = function(element) {
 var parsedParams = jQuery(element).data(),
  action = this.actions[parsedParams.actionName];
 jQuery(element).empty();
 try {
  var tiddlersAndContext = this.getTiddlersAndContext(parsedParams);
  action.handler(element, tiddlersAndContext.tiddlers,
    parsedParams.actionParameter, tiddlersAndContext.context);
 } catch (e) {
  this.handleError(place, e);
 }
};
config.macros.forEachTiddler.getTiddlersAndContext = function(parameter) {
 var context = config.macros.forEachTiddler.createContext(parameter.place, parameter.filter, parameter.whereClause, parameter.sortClause, parameter.sortAscending, parameter.actionName, parameter.actionParameter, parameter.scriptText, parameter.tiddlyWikiPath, parameter.inTiddler);
 var tiddlyWiki = parameter.tiddlyWikiPath ? this.loadTiddlyWiki(parameter.tiddlyWikiPath) : store;
 context["tiddlyWiki"] = tiddlyWiki;
 var tiddlers = this.findTiddlers(parameter.filter, parameter.whereClause, context, tiddlyWiki);
 context["tiddlers"] = tiddlers;
 if (parameter.sortClause)
  this.sortTiddlers(tiddlers, parameter.sortClause, parameter.sortAscending, context);
 return {tiddlers: tiddlers, context: context};
};
config.macros.forEachTiddler.actions.addToList.element = "ul";
config.macros.forEachTiddler.actions.addToList.handler = function(place, tiddlers, parameter, context) {
 var p = 0;
 if (parameter.length > p) {
  config.macros.forEachTiddler.createExtraParameterErrorElement(place, "addToList", parameter, p);
  return;
 }
 for (var i = 0; i < tiddlers.length; i++) {
  var tiddler = tiddlers[i];
  var listItem = document.createElement("li");
  place.appendChild(listItem);
  createTiddlyLink(listItem, tiddler.title, true);
 }
};
var parseNamedParameter = function(name, parameter, i) {
 var beginExpression = null;
 if ((i < parameter.length) && parameter[i] == name) {
  i++;
  if (i >= parameter.length) {
   throw "Missing text behind '%0'".format([name]);
  }
  return config.macros.forEachTiddler.paramEncode(parameter[i]);
 }
 return null;
}
config.macros.forEachTiddler.actions.write.element = "span";
config.macros.forEachTiddler.actions.write.handler = function(place, tiddlers, parameter, context) {
 var p = 0;
 if (p >= parameter.length) {
  this.handleError(place, "Missing expression behind 'write'.");
  return;
 }
 var textExpression = config.macros.forEachTiddler.paramEncode(parameter[p]);
 p++;
 var beginExpression = parseNamedParameter("begin", parameter, p);
 if (beginExpression !== null)
  p += 2;
 var endExpression = parseNamedParameter("end", parameter, p);
 if (endExpression !== null)
  p += 2;
 var noneExpression = parseNamedParameter("none", parameter, p);
 if (noneExpression !== null)
  p += 2;
 var filename = null;
 var lineSeparator = undefined;
 if ((p < parameter.length) && parameter[p] == "toFile") {
  p++;
  if (p >= parameter.length) {
   this.handleError(place, "Filename expected behind 'toFile' of 'write' action.");
   return;
  }
  filename = config.macros.forEachTiddler.getLocalPath(config.macros.forEachTiddler.paramEncode(parameter[p]));
  p++;
  if ((p < parameter.length) && parameter[p] == "withLineSeparator") {
   p++;
   if (p >= parameter.length) {
    this.handleError(place, "Line separator text expected behind 'withLineSeparator' of 'write' action.");
    return;
   }
   lineSeparator = config.macros.forEachTiddler.paramEncode(parameter[p]);
   p++;
  }
 }
 if (parameter.length > p) {
  config.macros.forEachTiddler.createExtraParameterErrorElement(place, "write", parameter, p);
  return;
 }
 var func = config.macros.forEachTiddler.getEvalTiddlerFunction(textExpression, context);
 var count = tiddlers.length;
 var text = "";
 if (count > 0 && beginExpression)
  text += config.macros.forEachTiddler.getEvalTiddlerFunction(beginExpression, context)(undefined, context, count, undefined);
 for (var i = 0; i < count; i++) {
  var tiddler = tiddlers[i];
  text += func(tiddler, context, count, i);
 }
 if (count > 0 && endExpression)
  text += config.macros.forEachTiddler.getEvalTiddlerFunction(endExpression, context)(undefined, context, count, undefined);
 if (count == 0 && noneExpression)
  text += config.macros.forEachTiddler.getEvalTiddlerFunction(noneExpression, context)(undefined, context, count, undefined);
 if (filename) {
  if (lineSeparator !== undefined) {
   lineSeparator = lineSeparator.replace(/\\n/mg, "\n").replace(/\\r/mg, "\r");
   text = text.replace(/\n/mg,lineSeparator);
  }
  saveFile(filename, convertUnicodeToUTF8(text));
 } else
  wikify(text, place, null/* highlightRegExp */, context.inTiddler);
};
config.macros.forEachTiddler.parseParams = function(params) {
 var i = 0; // index running over the params
 var tiddlyWikiPath = undefined;
 if ((i < params.length) && params[i] == "in") {
  i++;
  if (i >= params.length)
   return { errorText: "TiddlyWiki path expected behind 'in'." };
  tiddlyWikiPath = this.paramEncode((i < params.length) ? params[i] : "");
  i++;
 }
 if ((i < params.length) && params[i] == "filter") {
  i++;
  var filter = (i < params.length) ? params[i] : undefined;
  i++;
 }
 var whereClause ="true";
 if ((i < params.length) && params[i] == "where") {
  i++;
  whereClause = this.paramEncode((i < params.length) ? params[i] : "");
  i++;
 }
 var sortClause = null;
 var sortAscending = true;
 if ((i < params.length) && params[i] == "sortBy") {
  i++;
  if (i >= params.length)
   return { errorText: "sortClause missing behind 'sortBy'." };
  sortClause = this.paramEncode(params[i]);
  i++;
  if ((i < params.length) && (params[i] == "ascending" || params[i] == "descending")) {
    sortAscending = params[i] == "ascending";
    i++;
  }
 }
 var scriptText = null;
 if ((i < params.length) && params[i] == "script") {
  i++;
  scriptText = this.paramEncode((i < params.length) ? params[i] : "");
  i++;
 }
 var actionName = "addToList";
 if (i < params.length) {
  if (!config.macros.forEachTiddler.actions[params[i]])
   return { errorText: "Unknown action '"+params[i]+"'." };
  else {
   actionName = params[i];
   i++;
  }
 }
 var actionParameter = params.slice(i);
 return {
   filter:   filter,
   whereClause:  whereClause,
   sortClause:  sortClause,
   sortAscending:  sortAscending,
   actionName:  actionName,
   actionParameter: actionParameter,
   scriptText:  scriptText,
   tiddlyWikiPath:  tiddlyWikiPath
  }
};
var getContainingTiddler = function(e) {
 while(e && !hasClass(e,"tiddler"))
  e = e.parentNode;
 var title = e ? e.getAttribute("tiddler") : null;
 return title ? store.getTiddler(title) : null;
};
config.macros.forEachTiddler.createContext = function(placeParam, filterParam, whereClauseParam, sortClauseParam, sortAscendingParam, actionNameParam, actionParameterParam, scriptText, tiddlyWikiPathParam, inTiddlerParam) {
 return {
  place  : placeParam,
  filter  : filterParam,
  whereClause : whereClauseParam,
  sortClause : sortClauseParam,
  sortAscending : sortAscendingParam,
  script  : scriptText,
  actionName : actionNameParam,
  actionParameter : actionParameterParam,
  tiddlyWikiPath : tiddlyWikiPathParam,
  inTiddler : inTiddlerParam, // the tiddler containing the <<forEachTiddler ...>> macro call.
  viewerTiddler : getContainingTiddler(placeParam) //the tiddler showing the forEachTiddler result
 };
};
config.macros.forEachTiddler.loadTiddlyWiki = function(path, idPrefix) {
 if (!idPrefix) {
  idPrefix = "store";
 }
 var lenPrefix = idPrefix.length;
 var content = loadFile(this.getLocalPath(path));
 if(content === null) {
  throw "TiddlyWiki '"+path+"' not found.";
 }
 var tiddlyWiki = new TiddlyWiki();
 if (!tiddlyWiki.importTiddlyWiki(content))
  throw "File '"+path+"' is not a TiddlyWiki.";
 tiddlyWiki.dirty = false;
 return tiddlyWiki;
};
config.macros.forEachTiddler.getEvalTiddlerFunction = function (javaScriptExpression, context) {
 var script = context["script"];
 var functionText = "var theFunction = function(tiddler, context, count, index) { return "+javaScriptExpression+"}";
 var fullText = (script ? script+";" : "")+functionText+";theFunction;";
 return eval(fullText);
};
config.macros.forEachTiddler.findTiddlers = function(filter, whereClause, context, tiddlyWiki) {
 var result = [];
 var func = config.macros.forEachTiddler.getEvalTiddlerFunction(whereClause, context);
 if(filter) {
  var tids = tiddlyWiki.filterTiddlers(filter);
  for(var i = 0; i < tids.length; i++)
   if(func(tids[i], context, undefined, undefined))
    result.push(tids[i]);
 } else
  tiddlyWiki.forEachTiddler(function(title,tiddler) {
   if(func(tiddler, context, undefined, undefined))
    result.push(tiddler);
  });
 return result;
};
config.macros.forEachTiddler.sortAscending = function(tiddlerA, tiddlerB) {
 return ((tiddlerA.forEachTiddlerSortValue == tiddlerB.forEachTiddlerSortValue)
   ? 0
   : ((tiddlerA.forEachTiddlerSortValue < tiddlerB.forEachTiddlerSortValue)
    ? -1
    : +1))
};
config.macros.forEachTiddler.sortDescending = function(tiddlerA, tiddlerB) {
 return ((tiddlerA.forEachTiddlerSortValue == tiddlerB.forEachTiddlerSortValue)
   ? 0
   : ((tiddlerA.forEachTiddlerSortValue < tiddlerB.forEachTiddlerSortValue)
    ? +1
    : -1))
};
config.macros.forEachTiddler.sortTiddlers = function(tiddlers, sortClause, ascending, context) {
 var func = config.macros.forEachTiddler.getEvalTiddlerFunction(sortClause, context);
 var count = tiddlers.length;
 var i;
 for (i = 0; i < count; i++) {
  var tiddler = tiddlers[i];
  tiddler.forEachTiddlerSortValue = func(tiddler,context, undefined, undefined);
 }
 tiddlers.sort(ascending ? this.sortAscending : this.sortDescending);
 for (i = 0; i < tiddlers.length; i++)
  delete tiddlers[i].forEachTiddlerSortValue;
};
config.macros.forEachTiddler.createErrorElement = function(place, exception) {
 var message = (exception.description) ? exception.description : exception.toString();
 return createTiddlyElement(place,"span",null,"forEachTiddlerError","<<forEachTiddler ...>>: "+message);
};
config.macros.forEachTiddler.handleError = function(place, exception) {
 if (place) {
  this.createErrorElement(place, exception);
 } else {
  throw exception;
 }
};
config.macros.forEachTiddler.createExtraParameterErrorElement = function(place, actionName, parameter, firstUnusedIndex) {
 var message = "Extra parameter behind '"+actionName+"':";
 for (var i = firstUnusedIndex; i < parameter.length; i++) {
  message += " "+parameter[i];
 }
 this.handleError(place, message);
};
config.macros.forEachTiddler.paramEncode = function(s) {
 var reGTGT = new RegExp("\\$\\)\\)","mg");
 var reGT = new RegExp("\\$\\)","mg");
 return s.replace(reGTGT, ">>").replace(reGT, ">");
};
config.macros.forEachTiddler.getLocalPath = function(originalPath) {
 var originalAbsolutePath = originalPath;
 if(originalAbsolutePath.search(/^((http(s)?)|(file)):/) != 0) {
  if (originalAbsolutePath.search(/^(.\:\\)|(\\\\)|(\/)/) != 0){// is relative?
   var currentUrl = document.location.toString();
   var currentPath = (currentUrl.lastIndexOf("/") > -1) ?
    currentUrl.substr(0, currentUrl.lastIndexOf("/") + 1) :
    currentUrl + "/";
   originalAbsolutePath = currentPath + originalAbsolutePath;
  } else
   originalAbsolutePath = "file://" + originalAbsolutePath;
  originalAbsolutePath = originalAbsolutePath.replace(/\\/mg,"/");
 }
 return getLocalPath(originalAbsolutePath);
};
setStylesheet(
 ".forEachTiddlerError{color: #ffffff;background-color: #880000;}",
 "forEachTiddler");
config.macros.fet = config.macros.forEachTiddler;
String.prototype.startsWith = function(prefix) {
 var n = prefix.length;
 return (this.length >= n) && (this.slice(0, n) == prefix);
};
String.prototype.endsWith = function(suffix) {
 var n = suffix.length;
 return (this.length >= n) && (this.right(n) == suffix);
};
String.prototype.contains = function(substring) {
 return this.indexOf(substring) >= 0;
};
})();
Tiddler.prototype.getSlice = function(sliceName,defaultText) {
 var re = TiddlyWiki.prototype.slicesRE;
 re.lastIndex = 0;
 var m = re.exec(this.text);
 while(m) {
  if(m[2]) {
   if(m[2] == sliceName)
    return m[3];
  } else {
   if(m[5] == sliceName)
    return m[6];
  }
  m = re.exec(this.text);
 }
 return defaultText;
};
Tiddler.prototype.getSection = function(sectionName,defaultText) {
 var beginSectionRegExp = new RegExp("(^!{1,6}[ \t]*" + sectionName.escapeRegExp() + "[ \t]*\n)","mg"),
  sectionTerminatorRegExp = /^!/mg;
 var match = beginSectionRegExp.exec(this.text), sectionText;
 if(match) {
  sectionText = this.text.substr(match.index+match[1].length);
  match = sectionTerminatorRegExp.exec(sectionText);
  if(match)
   sectionText = sectionText.substr(0,match.index-1); // don't include final \n
  return sectionText
 }
 return defaultText;
};
//}}}
/* |Author|Eric Shulman|1.1.1|License|http://www.TiddlyTools.com/#LegalStatements|
!Code
*/
//{{{
version.extensions.FramedLinksPlugin= {major: 1, minor: 1, revision: 1, date: new Date(2008,11,14)};
var co=config.options; // abbreviation
if (co.chkFramedLinks==undefined) co.chkFramedLinks=false;
if (co.chkFramedLinksTag==undefined) co.chkFramedLinksTag=true;
if (co.txtFramedLinksTag==undefined) co.txtFramedLinksTag="framedLinks";
if (co.txtFrameWidth==undefined) co.txtFrameWidth="100%";
if (co.txtFrameHeight==undefined) co.txtFrameHeight="80%";
window.framedLinks_createExternalLink=createExternalLink;
window.createExternalLink=function(place,url)
{
 var link=this.framedLinks_createExternalLink.apply(this,arguments);
 link.onclick=function(ev) { var e=ev?ev:window.event;
  var co=config.options; // abbreviation
  var here=story.findContainingTiddler(this);
  if (here) var tid=store.getTiddler(here.getAttribute("tiddler"));
  var enabled=co.chkFramedLinks || co.chkFramedLinksTag && tid && tid.isTagged(co.txtFramedLinksTag);
  if (!enabled || e.ctrlKey || e.shiftKey || e.altKey) return; // BYPASS
  var p=this.parentNode; 
  var f=this.nextSibling?this.nextSibling.firstChild:null; // get the IFRAME... maybe...
  var w=co.txtFrameWidth; if (!w || !w.length) w="100%";
  var h=co.txtFrameHeight; if (!h || !h.length) h="80%";
  if (h.indexOf("%")) h=(findWindowHeight()*h.replace(/%/,"")/100)+"px"; // calc height as % of window
  var showing=f && f.nodeName.toUpperCase()=="IFRAME"; // does IFRAME really exist?
  var stretchCell=p.nodeName.toUpperCase()=="TD" && w.indexOf("%")!=-1 && w.replace(/%/,"")>=100;
  if (!showing) { // create an iframe
   link.style.display="block"; // force IFRAME onto line following link
   if (stretchCell) { p.setAttribute("savedWidth",p.style.width); p.style.width="100%"; } // adjust TD so IFRAME stretches
   var wrapper=createTiddlyElement(null,"span"); // wrapper for slider animation
   wrapper.setAttribute("url",this.href); // for async loading of frame after animation completes
   var f=createTiddlyElement(wrapper,"iframe"); // create IFRAME
   f.style.backgroundColor="#fff"; f.style.width=w; f.style.height=h;
   p.insertBefore(wrapper,this.nextSibling);
   function loadURL(wrapper) { var f=wrapper.firstChild; var url=wrapper.getAttribute("url");
    var d=f.contentDocument?f.contentDocument:(f.contentWindow?f.contentWindow.document:f.document);
    d.open(); d.writeln("<html>connecting to "+url+"</html>"); d.close();
    try { f.src=url; } // if the iframe can't handle the href
    catch(e) { alert(e.description?e.description:e.toString()); } // ... then report the error
    window.scrollTo(0,ensureVisible(wrapper));
   }
   if (!co.chkAnimate) loadURL(wrapper);
   else {
    var morph=new Slider(wrapper,true);
    morph.callback=loadURL;
    morph.properties.push({style: 'width', start: 0, end: 100, template: '%0%'});
    anim.startAnimating(morph);
   }
  } else { // remove iframe
   link.style.display="inline"; // restore link style
   if (stretchCell) p.style.width=p.getAttribute("savedWidth"); // restore previous width of TD
   if (!co.chkAnimate) p.removeChild(f.parentNode);
   else {
    var morph=new Slider(f.parentNode,false,false,"all");
    morph.properties.push({style: 'width', start: 100, end: 0, template: '%0%'});
    anim.startAnimating(morph);
   }
  }
  e.cancelBubble=true; if (e.stopPropagation) e.stopPropagation(); return false;
 }
 return link;
}
//}}}
/* |Author|SaqImtiaz|Version|1.11|0C_Tuned| */
//{{{
config.hoverMenu={};
config.hoverMenu.settings={ align: 'right', x: 4, y: 100 };
config.hoverMenu.handler=function()
{
  var theMenu = createTiddlyElement(document.getElementById("contentWrapper"), "div","hoverMenu");
  theMenu.setAttribute("refresh","content");
  theMenu.setAttribute("tiddler","HoverMenu");
  var menuContent = store.getTiddlerText("HoverMenu");
  wikify(menuContent,theMenu);
        var Xloc = this.settings.x;
        Yloc =this.settings.y;
        var ns = (navigator.appName.indexOf("Netscape") != -1);
        function SetMenu(id)
   {
   var GetElements=document.getElementById?document.getElementById(id):document.all?document.all[id]:document.layers[id];
   if(document.layers)GetElements.style=GetElements;
   GetElements.sP=function(x,y){this.style[config.hoverMenu.settings.align]=x +"px";this.style.top=y +"px";};
   GetElements.x = Xloc;
   GetElements.y = findScrollY();
   GetElements.y += Yloc;
   return GetElements;
   }
  window.LoCate_XY=function()
   {
   var pY =  findScrollY();
   ftlObj.y += (pY + Yloc - ftlObj.y)/15;
   ftlObj.sP(ftlObj.x, ftlObj.y);
   setTimeout("LoCate_XY()", 10);
   }
  ftlObj = SetMenu("hoverMenu");
   LoCate_XY();
};
window.old_lewcid_hovermenu_restart = restart;
restart = function()
{
  window.old_lewcid_hovermenu_restart();
  config.hoverMenu.handler();
};
setStylesheet(
"#hoverMenu .button, #hoverMenu .tiddlyLink {border:none; background:#00F; color:#fff; padding:0 20px; float:right; margin-bottom:5px;}\sn"+
"#hoverMenu .button:hover, #hoverMenu .tiddlyLink:hover {border:none; color:#939597; background:#F5DF4D; padding:0 30px; float:right; margin-bottom:5px;}\sn"+
"#hoverMenu .button {width:100%; text-align:center}"+
"#hoverMenu { position:absolute; width:10px;}\sn"+
"\sn","hoverMenuStyles");
config.macros.renameButton={};
config.macros.renameButton.handler = function(place,macroName,params,wikifier,paramString,tiddler)
{
  if (place.lastChild.tagName!="BR")
       {
  place.lastChild.firstChild.data = params[0];
  if (params[1]) {place.lastChild.title = params[1];}
       }
};
config.shadowTiddlers["HoverMenu"]="<<top>><<jump ≡→ '' top>>^^[[SolarStorm]]^^^^[[CCM]]^^^^[[CCSK]]^^^^[[CAIQ]]^^^^[[Agenda]]^^^^[[Hebdo|Newsletters]]^^^^[[Outils]]^^^^[[Veille|Veille Web]]^^";
config.macros.top={};
config.macros.top.handler=function(place,macroName)
{ createTiddlyButton(place,"→↑↑","↑ Haut de page ↑",this.onclick); }
config.macros.top.onclick=function()
{ window.scrollTo(0,0); };
config.commands.top =
{ text:" ^ ", tooltip:"^ Haut de page ^" };
config.commands.top.handler = function(event,src,title)
{ window.scrollTo(0,0); }

config.macros.jump= {};
config.macros.jump.handler = function (place,macroName,params,wikifier,paramString,tiddler)
{
 var label = (params[0] && params[0]!=".")? params[0]: 'jump';
 var tooltip = (params[1] && params[1]!=".")? params[1]: '→ Aller vers un article déjà ouvert';
 var top = (params[2] && params[2]=='top') ? true: false;
 var btn =createTiddlyButton(place,label,tooltip,this.onclick);
 if (top==true)
       btn.setAttribute("top","true")
}
config.macros.jump.onclick = function(e)
{
 if (!e) var e = window.event;
 var theTarget = resolveTarget(e);
 var top = theTarget.getAttribute("top");
 var popup = Popup.create(this);
 if(popup)
  {
   if(top=="true")
    {createTiddlyButton(createTiddlyElement(popup,"li"),'↑ Tout en Haut ↑','→ Aller tout en haut de cette page',config.macros.jump.top);
     createTiddlyElement(popup,"hr");}

  story.forEachTiddler(function(title,element) {
   createTiddlyLink(createTiddlyElement(popup,"li"),title,true);
   });
  }
 Popup.show(popup,false);
 e.cancelBubble = true;
 if (e.stopPropagation) e.stopPropagation();
 return false;
}
config.macros.jump.top = function()
{
       window.scrollTo(0,0);
}

Popup.show = function(unused,slowly)
{
var curr = Popup.stack[Popup.stack.length-1];
 var rootLeft = findPosX(curr.root);
 var rootTop = findPosY(curr.root);
 var rootHeight = curr.root.offsetHeight;
 var popupLeft = rootLeft;
 var popupTop = rootTop + rootHeight;
 var popupWidth = curr.popup.offsetWidth;
 var winWidth = findWindowWidth();
 if (isChild(curr.root,'hoverMenu'))
       var x = config.hoverMenu.settings.x;
 else
       var x = 0;
 if(popupLeft + popupWidth+x > winWidth)
  popupLeft = winWidth - popupWidth -x;
 if (isChild(curr.root,'hoverMenu'))
    {curr.popup.style.right = x + "px";}
 else
  curr.popup.style.left = popupLeft + "px";
 curr.popup.style.top = popupTop + "px";
 curr.popup.style.display = "block";
 addClass(curr.root,"highlight");
 if(config.options.chkAnimate)
  anim.startAnimating(new Scroller(curr.popup,slowly));
 else
  window.scrollTo(0,ensureVisible(curr.popup));
}
window.isChild = function(e,parentId) {
 while (e != null) {
  var parent = document.getElementById(parentId);
  if (parent == e) return true;
  e = e.parentNode;
  }
 return false;
};
//}}}
/* |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|
!Configuration
<<<
Use {{{<hide linebreaks>}}} within HTML content to wiki-style rendering of line breaks. To //always// omit all line breaks from the rendered output, you can set this option:
><<option chkHTMLHideLinebreaks>> ignore all line breaks
which can also be 'hard coded' into your document by adding the following to a tiddler, tagged with <<tag systemConfig>>
>{{{config.options.chkHTMLHideLinebreaks=true;}}}
<<<
!Code
*/
//{{{
version.extensions.HTMLFormattingPlugin= {major: 2, minor: 4, revision: 1, date: new Date(2010,5,7)};
// find the formatter for HTML and replace the handler
initHTMLFormatter();
function initHTMLFormatter()
{
 for (var i=0; i<config.formatters.length && config.formatters[i].name!="html"; i++);
 if (i<config.formatters.length) config.formatters[i].handler=function(w) {
  if (!this.lookaheadRegExp)
   this.lookaheadRegExp = new RegExp(this.lookahead,"mg");
  this.lookaheadRegExp.lastIndex = w.matchStart;
  var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
  if(lookaheadMatch && lookaheadMatch.index == w.matchStart) {
   var html=lookaheadMatch[1];
   // if <nowiki> is present, just let browser handle it!
   if (html.indexOf('<nowiki>')!=-1)
    createTiddlyElement(w.output,"span").innerHTML=html;
   else {
    // if <hide linebreaks> is present, or chkHTMLHideLinebreaks is set
    // suppress wiki-style literal handling of newlines
    if (config.options.chkHTMLHideLinebreaks||(html.indexOf('<hide linebreaks>')!=-1))
     html=html.replace(/\n/g,' ');
    // remove all \r's added by IE textarea and mask newlines and macro brackets
    html=html.replace(/\r/g,'').replace(/\n/g,'\\n').replace(/<</g,'%%(').replace(/>>/g,')%%');
    // create span, let browser parse HTML
    var e=createTiddlyElement(w.output,"span"); e.innerHTML=html;
    // then re-render text nodes as wiki-formatted content
    wikifyTextNodes(e,w);
   }
   w.nextMatch = this.lookaheadRegExp.lastIndex; // continue parsing
  }
 }
}
// wikify #text nodes that remain after HTML content is processed (pre-order recursion)
function wikifyTextNodes(theNode,w)
{
 function unmask(s) { return s.replace(/\%%\(/g,'<<').replace(/\)\%%/g,'>>').replace(/\\n/g,'\n'); }
 switch (theNode.nodeName.toLowerCase()) {
  case 'style': case 'option': case 'select':
   theNode.innerHTML=unmask(theNode.innerHTML);
   break;
  case 'textarea':
   theNode.value=unmask(theNode.value);
   break;
  case '#text':
   var txt=unmask(theNode.nodeValue);
   var newNode=createTiddlyElement(null,"span");
   theNode.parentNode.replaceChild(newNode,theNode);
   wikify(txt,newNode,highlightHack,w.tiddler);
   break;
  default:
   for (var i=0;i<theNode.childNodes.length;i++)
    wikifyTextNodes(theNode.childNodes.item(i),w); // recursion
   break;
 }
}
//}}}
/* |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|
!Code
*/
//{{{
version.extensions.ImageSizePlugin= {major: 1, minor: 2, revision: 2, date: new Date(2010,7,24)};
//}}}
//{{{
var f=config.formatters[config.formatters.findByField("name","image")];
f.match="\\[[<>]?[Ii][Mm][Gg](?:\\([^,]*,[^\\)]*\\))?\\[";
f.lookaheadRegExp=/\[([<]?)(>?)[Ii][Mm][Gg](?:\(([^,]*),([^\)]*)\))?\[(?:([^\|\]]+)\|)?([^\[\]\|]+)\](?:\[([^\]]*)\])?\]/mg;
f.handler=function(w) {
 this.lookaheadRegExp.lastIndex = w.matchStart;
 var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
 if(lookaheadMatch && lookaheadMatch.index == w.matchStart) {
  var floatLeft=lookaheadMatch[1];
  var floatRight=lookaheadMatch[2];
  var width=lookaheadMatch[3];
  var height=lookaheadMatch[4];
  var tooltip=lookaheadMatch[5];
  var src=lookaheadMatch[6];
  var link=lookaheadMatch[7];
  var e = w.output;
  if(link) { // LINKED IMAGE
   if (config.formatterHelpers.isExternalLink(link)) {
    if (config.macros.attach && config.macros.attach.isAttachment(link)) {
     // see [[AttachFilePluginFormatters]]
     e = createExternalLink(w.output,link);
     e.href=config.macros.attach.getAttachment(link);
     e.title = config.macros.attach.linkTooltip + link;
    } else
     e = createExternalLink(w.output,link);
   } else
    e = createTiddlyLink(w.output,link,false,null,w.isStatic);
   addClass(e,"imageLink");
  }
  var img = createTiddlyElement(e,"img");
  if(floatLeft) img.align="left"; else if(floatRight) img.align="right";
  if(width||height) {
   var x=width.trim(); var y=height.trim();
   var stretchW=(x.substr(x.length-1,1)=='+'); if (stretchW) x=x.substr(0,x.length-1);
   var stretchH=(y.substr(y.length-1,1)=='+'); if (stretchH) y=y.substr(0,y.length-1);
   if (x.substr(0,2)=="{{")
    { try{x=eval(x.substr(2,x.length-4))} catch(e){displayMessage(e.description||e.toString())} }
   if (y.substr(0,2)=="{{")
    { try{y=eval(y.substr(2,y.length-4))} catch(e){displayMessage(e.description||e.toString())} }
   img.style.width=x.trim(); img.style.height=y.trim();
   config.formatterHelpers.addStretchHandlers(img,stretchW,stretchH);
  }
  if(tooltip) img.title = tooltip;
  if (config.macros.attach && config.macros.attach.isAttachment(src))
   src=config.macros.attach.getAttachment(src); // see [[AttachFilePluginFormatters]]
  else if (config.formatterHelpers.resolvePath) { // see [[ImagePathPlugin]]
   if (config.browser.isIE || config.browser.isSafari) {
    img.onerror=(function(){
     this.src=config.formatterHelpers.resolvePath(this.src,false);
     return false;
    });
   } else
    src=config.formatterHelpers.resolvePath(src,true);
  }
  img.src=src;
  w.nextMatch = this.lookaheadRegExp.lastIndex;
 }
}
config.formatterHelpers.imageSize={
tip: '', dragtip: 'DRAG=étirer/réduire, '
}
config.formatterHelpers.addStretchHandlers=function(e,stretchW,stretchH) {
 e.title=((stretchW||stretchH)?this.imageSize.dragtip:'')+this.imageSize.tip;
 e.statusMsg='width=%0, height=%1';
 e.style.cursor='move';
 e.originalW=e.style.width;
 e.originalH=e.style.height;
 e.minW=Math.max(e.offsetWidth/20,10);
 e.minH=Math.max(e.offsetHeight/20,10);
 e.stretchW=stretchW;
 e.stretchH=stretchH;
 e.onmousedown=function(ev) { var ev=ev||window.event;
  this.sizing=true;
  this.startX=!config.browser.isIE?ev.pageX:(ev.clientX+findScrollX());
  this.startY=!config.browser.isIE?ev.pageY:(ev.clientY+findScrollY());
  this.startW=this.offsetWidth;
  this.startH=this.offsetHeight;
  return false;
 };
 e.onmousemove=function(ev) { var ev=ev||window.event;
  if (this.sizing) {
   var s=this.style;
   var currX=!config.browser.isIE?ev.pageX:(ev.clientX+findScrollX());
   var currY=!config.browser.isIE?ev.pageY:(ev.clientY+findScrollY());
   var newW=(currX-this.offsetLeft)/(this.startX-this.offsetLeft)*this.startW;
   var newH=(currY-this.offsetTop )/(this.startY-this.offsetTop )*this.startH;
   if (this.stretchW) s.width =Math.floor(Math.max(newW,this.minW))+'px';
   if (this.stretchH) s.height=Math.floor(Math.max(newH,this.minH))+'px';
   clearMessage(); displayMessage(this.statusMsg.format([s.width,s.height]));
  }
  return false;
 };
 e.onmouseup=function(ev) { var ev=ev||window.event;
  if (ev.shiftKey) { this.style.width=this.style.height=''; }
  if (ev.ctrlKey) { this.style.width=this.originalW; this.style.height=this.originalH; }
  this.sizing=false;
  clearMessage();
  return false;
 };
 e.onmouseout=function(ev) { var ev=ev||window.event;
  this.sizing=false;
  clearMessage();
  return false;
 };
}
//}}}
/* |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|!Code
*/
//{{{
version.extensions.InlineJavascriptPlugin= {major: 1, minor: 9, revision: 6, date: new Date(2010,12,15)};
config.formatters.push( {
 name: "inlineJavascript",
 match: "\\<script",
 lookahead: "\\<script(?: type=\\\"[^\\\"]*\\\")?(?: src=\\\"([^\\\"]*)\\\")?(?: label=\\\"([^\\\"]*)\\\")?(?: title=\\\"([^\\\"]*)\\\")?(?: key=\\\"([^\\\"]*)\\\")?( show)?\\>((?:.|\\n)*?)\\</script\\>",
 handler: function(w) {
  var lookaheadRegExp = new RegExp(this.lookahead,"mg");
  lookaheadRegExp.lastIndex = w.matchStart;
  var lookaheadMatch = lookaheadRegExp.exec(w.source)
  if(lookaheadMatch && lookaheadMatch.index == w.matchStart) {
   var src=lookaheadMatch[1];
   var label=lookaheadMatch[2];
   var tip=lookaheadMatch[3];
   var key=lookaheadMatch[4];
   var show=lookaheadMatch[5];
   var code=lookaheadMatch[6];
   if (src) { // external script library
    var script = document.createElement("script"); script.src = src;
    document.body.appendChild(script); document.body.removeChild(script);
   }
   if (code) { // inline code
    if (show) // display source in tiddler
     wikify("{{{\n"+lookaheadMatch[0]+"\n}}}\n",w.output);
    if (label) { // create 'onclick' command link
     var link=createTiddlyElement(w.output,"a",null,"tiddlyLinkExisting",wikifyPlainText(label));
     var fixup=code.replace(/document.write\s*\(/gi,'place.bufferedHTML+=(');
     link.code="function _out(place,tiddler){"+fixup+"\n};_out(this,this.tiddler);"
     link.tiddler=w.tiddler;
     link.onclick=function(){
      this.bufferedHTML="";
      try{ var r=eval(this.code);
       if(this.bufferedHTML.length || (typeof(r)==="string")&&r.length)
        var s=this.parentNode.insertBefore(document.createElement("span"),this.nextSibling);
       if(this.bufferedHTML.length)
        s.innerHTML=this.bufferedHTML;
       if((typeof(r)==="string")&&r.length) {
        wikify(r,s,null,this.tiddler);
        return false;
       } else return r!==undefined?r:false;
      } catch(e){alert(e.description||e.toString());return false;}
     };
     link.setAttribute("title",tip||"");
     var URIcode='javascript:void(eval(decodeURIComponent(%22(function(){try{';
     URIcode+=encodeURIComponent(encodeURIComponent(code.replace(/\n/g,' ')));
     URIcode+='}catch(e){alert(e.description||e.toString())}})()%22)))';
     link.setAttribute("href",URIcode);
     link.style.cursor="pointer";
     if (key) link.accessKey=key.substr(0,1); // single character only
    }
    else { // run script immediately
     var fixup=code.replace(/document.write\s*\(/gi,'place.innerHTML+=(');
     var c="function _out(place,tiddler){"+fixup+"\n};_out(w.output,w.tiddler);";
     try  { var out=eval(c); }
     catch(e) { out=e.description?e.description:e.toString(); }
     if (out && out.length) wikify(out,w.output,w.highlightRegExp,w.tiddler);
    }
   }
   w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
  }
 }
} )
//}}}
// // Backward-compatibility for TW2.1.x and earlier
//{{{
if (typeof(wikifyPlainText)=="undefined") window.wikifyPlainText=function(text,limit,tiddler) {
 if(limit > 0) text = text.substr(0,limit);
 var wikifier = new Wikifier(text,formatter,null,tiddler);
 return wikifier.wikifyPlain();
}
//}}}
// // GLOBAL FUNCTION: $(...) -- 'shorthand' convenience syntax for document.getElementById()
//{{{
if (typeof($)=='undefined') { function $(id) { return document.getElementById(id.replace(/^#/,'')); } }
//}}}
/* |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|
!Configuration
<<<
<<option chkFloatingSlidersAnimate>> allow floating sliders to animate when opening/closing
<<<
!Code
*/
//{{{
version.extensions.NestedSlidersPlugin= {major: 2, minor: 4, revision: 9, date: new Date(2008,11,15)};
// options for deferred rendering of sliders that are not initially displayed
if (config.options.chkFloatingSlidersAnimate===undefined)
 config.options.chkFloatingSlidersAnimate=false; // avoid clipping problems in IE
// default styles for 'floating' class
setStylesheet(".floatingPanel { position:absolute; z-index:10; padding:0.5em; margin:0em; \
 background-color:#fff; color:#014; border:1px solid #000; text-align:left; }","floatingPanelStylesheet");
// if removeCookie() function is not defined by TW core, define it here.
if (window.removeCookie===undefined) {
 window.removeCookie=function(name) {
  document.cookie = name+'=; expires=Thu, 01-Jan-1970 00:00:01 UTC; path=/;';
 }
}
config.formatters.push( {
 name: "nestedSliders",
 match: "\\n?\\+{3}",
 terminator: "\\s*\\={3}\\n?",
 lookahead: "\\n?\\+{3}(\\+)?(\\([^\\)]*\\))?(\\!*)?(\\^(?:[^\\^\\*\\@\\[\\>]*\\^)?)?(\\*)?(\\@)?(?:\\{\\{([\\w]+[\\s\\w]*)\\{)?(\\[[^\\]]*\\])?(\\[[^\\]]*\\])?(?:\\}{3})?(\\#[^:]*\\:)?(\\>)?(\\.\\.\\.)?\\s*",
 handler: function(w)
  {
   lookaheadRegExp = new RegExp(this.lookahead,"mg");
   lookaheadRegExp.lastIndex = w.matchStart;
   var lookaheadMatch = lookaheadRegExp.exec(w.source)
   if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
   {
    var defopen=lookaheadMatch[1];
    var cookiename=lookaheadMatch[2];
    var header=lookaheadMatch[3];
    var panelwidth=lookaheadMatch[4];
    var transient=lookaheadMatch[5];
    var hover=lookaheadMatch[6];
    var buttonClass=lookaheadMatch[7];
    var label=lookaheadMatch[8];
    var openlabel=lookaheadMatch[9];
    var panelID=lookaheadMatch[10];
    var blockquote=lookaheadMatch[11];
    var deferred=lookaheadMatch[12];
    // location for rendering button and panel
    var place=w.output;
    // default to closed, no cookie, no accesskey, no alternate text/tip
    var show="none"; var cookie=""; var key="";
    var closedtext=">"; var closedtip="";
    var openedtext="<"; var openedtip="";
    // extra "+", default to open
    if (defopen) show="block";
    // cookie, use saved open/closed state
    if (cookiename) {
     cookie=cookiename.trim().slice(1,-1);
     cookie="chkSlider"+cookie;
     if (config.options[cookie]==undefined)
      { config.options[cookie] = (show=="block") }
     show=config.options[cookie]?"block":"none";
    }
    // parse label/tooltip/accesskey: [label=X|tooltip]
    if (label) {
     var parts=label.trim().slice(1,-1).split("|");
     closedtext=parts.shift();
     if (closedtext.substr(closedtext.length-2,1)=="=")
      { key=closedtext.substr(closedtext.length-1,1); closedtext=closedtext.slice(0,-2); }
     openedtext=closedtext;
     if (parts.length) closedtip=openedtip=parts.join("|");
     else { closedtip="afficher "+closedtext; openedtip="masquer "+closedtext; }
    }
    // parse alternate label/tooltip: [label|tooltip]
    if (openlabel) {
     var parts=openlabel.trim().slice(1,-1).split("|");
     openedtext=parts.shift();
     if (parts.length) openedtip=parts.join("|");
     else openedtip="hide "+openedtext;
    }
    var title=show=='block'?openedtext:closedtext;
    var tooltip=show=='block'?openedtip:closedtip;
    // create the button
    if (header) { // use "Hn" header format instead of button/link
     var lvl=(header.length>5)?5:header.length;
     var btn = createTiddlyElement(createTiddlyElement(place,"h"+lvl,null,null,null),"a",null,buttonClass,title);
     btn.onclick=onClickNestedSlider;
     btn.setAttribute("href","javascript:;");
     btn.setAttribute("title",tooltip);
    }
    else
     var btn = createTiddlyButton(place,title,tooltip,onClickNestedSlider,buttonClass);
    btn.innerHTML=title; // enables use of HTML entities in label
    // set extra button attributes
    btn.setAttribute("closedtext",closedtext);
    btn.setAttribute("closedtip",closedtip);
    btn.setAttribute("openedtext",openedtext);
    btn.setAttribute("openedtip",openedtip);
    btn.sliderCookie = cookie; // save the cookiename (if any) in the button object
    btn.defOpen=defopen!=null; // save default open/closed state (boolean)
    btn.keyparam=key; // save the access key letter ("" if none)
    if (key.length) {
     btn.setAttribute("accessKey",key); // init access key
     btn.onfocus=function(){this.setAttribute("accessKey",this.keyparam);}; // **reclaim** access key on focus
    }
    btn.setAttribute("hover",hover?"true":"false");
    btn.onmouseover=function(ev) {
     // optional 'open on hover' handling
     if (this.getAttribute("hover")=="true" && this.sliderPanel.style.display=='none') {
      document.onclick.call(document,ev); // close transients
      onClickNestedSlider(ev); // open this slider
     }
     // mouseover on button aligns floater position with button
     if (window.adjustSliderPos) window.adjustSliderPos(this.parentNode,this,this.sliderPanel);
    }
    // create slider panel
    var panelClass=panelwidth?"floatingPanel":"sliderPanel";
    if (panelID) panelID=panelID.slice(1,-1); // trim off delimiters
    var panel=createTiddlyElement(place,"div",panelID,panelClass,null);
    panel.button = btn; // so the slider panel know which button it belongs to
    btn.sliderPanel=panel; // so the button knows which slider panel it belongs to
    panel.defaultPanelWidth=(panelwidth && panelwidth.length>2)?panelwidth.slice(1,-1):"";
    panel.setAttribute("transient",transient=="*"?"true":"false");
    panel.style.display = show;
    panel.style.width=panel.defaultPanelWidth;
    panel.onmouseover=function(event) // mouseover on panel aligns floater position with button
     { if (window.adjustSliderPos) window.adjustSliderPos(this.parentNode,this.button,this); }
    // render slider (or defer until shown)
    w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
    if ((show=="block")||!deferred) {
     // render now if panel is supposed to be shown or NOT deferred rendering
     w.subWikify(blockquote?createTiddlyElement(panel,"blockquote"):panel,this.terminator);
     // align floater position with button
     if (window.adjustSliderPos) window.adjustSliderPos(place,btn,panel);
    }
    else {
     var src = w.source.substr(w.nextMatch);
     var endpos=findMatchingDelimiter(src,"+++","===");
     panel.setAttribute("raw",src.substr(0,endpos));
     panel.setAttribute("blockquote",blockquote?"true":"false");
     panel.setAttribute("rendered","false");
     w.nextMatch += endpos+3;
     if (w.source.substr(w.nextMatch,1)=="\n") w.nextMatch++;
    }
   }
  }
 }
)
function findMatchingDelimiter(src,starttext,endtext) {
 var startpos = 0;
 var endpos = src.indexOf(endtext);
 // check for nested delimiters
 while (src.substring(startpos,endpos-1).indexOf(starttext)!=-1) {
  // count number of nested 'starts'
  var startcount=0;
  var temp = src.substring(startpos,endpos-1);
  var pos=temp.indexOf(starttext);
  while (pos!=-1) { startcount++; pos=temp.indexOf(starttext,pos+starttext.length); }
  // set up to check for additional 'starts' after adjusting endpos
  startpos=endpos+endtext.length;
  // find endpos for corresponding number of matching 'ends'
  while (startcount && endpos!=-1) {
   endpos = src.indexOf(endtext,endpos+endtext.length);
   startcount--;
  }
 }
 return (endpos==-1)?src.length:endpos;
}
//}}}
//{{{
window.onClickNestedSlider=function(e)
{
 if (!e) var e = window.event;
 var theTarget = resolveTarget(e);
 while (theTarget && theTarget.sliderPanel==undefined) theTarget=theTarget.parentNode;
 if (!theTarget) return false;
 var theSlider = theTarget.sliderPanel;
 var isOpen = theSlider.style.display!="none";
 // if SHIFT-CLICK, dock panel first (see [[MoveablePanelPlugin]])
 if (e.shiftKey && config.macros.moveablePanel) config.macros.moveablePanel.dock(theSlider,e);
 // toggle label
 theTarget.innerHTML=isOpen?theTarget.getAttribute("closedText"):theTarget.getAttribute("openedText");
 // toggle tooltip
 theTarget.setAttribute("title",isOpen?theTarget.getAttribute("closedTip"):theTarget.getAttribute("openedTip"));
 // deferred rendering (if needed)
 if (theSlider.getAttribute("rendered")=="false") {
  var place=theSlider;
  if (theSlider.getAttribute("blockquote")=="true")
   place=createTiddlyElement(place,"blockquote");
  wikify(theSlider.getAttribute("raw"),place);
  theSlider.setAttribute("rendered","true");
 }
 // show/hide the slider
 if(config.options.chkAnimate && (!hasClass(theSlider,'floatingPanel') || config.options.chkFloatingSlidersAnimate))
  anim.startAnimating(new Slider(theSlider,!isOpen,e.shiftKey || e.altKey,"none"));
 else
  theSlider.style.display = isOpen ? "none" : "block";
 // reset to default width (might have been changed via plugin code)
 theSlider.style.width=theSlider.defaultPanelWidth;
 // align floater panel position with target button
 if (!isOpen && window.adjustSliderPos) window.adjustSliderPos(theSlider.parentNode,theTarget,theSlider);
 // if showing panel, set focus to first 'focus-able' element in panel
 if (theSlider.style.display!="none") {
  var ctrls=theSlider.getElementsByTagName("*");
  for (var c=0; c<ctrls.length; c++) {
   var t=ctrls[c].tagName.toLowerCase();
   if ((t=="input" && ctrls[c].type!="hidden") || t=="textarea" || t=="select")
    { try{ ctrls[c].focus(); } catch(err){;} break; }
  }
 }
 var cookie=theTarget.sliderCookie;
 if (cookie && cookie.length) {
  config.options[cookie]=!isOpen;
  if (config.options[cookie]!=theTarget.defOpen) window.saveOptionCookie(cookie);
  else window.removeCookie(cookie); // remove cookie if slider is in default display state
 }
 // prevent SHIFT-CLICK from being processed by browser (opens blank window... yuck!)
 // prevent clicks *within* a slider button from being processed by browser
 // but allow plain click to bubble up to page background (to close transients, if any)
 if (e.shiftKey || theTarget!=resolveTarget(e))
  { e.cancelBubble=true; if (e.stopPropagation) e.stopPropagation(); }
 Popup.remove(); // close open popup (if any)
 return false;
}
//}}}
//{{{
// click in document background closes transient panels
document.nestedSliders_savedOnClick=document.onclick;
document.onclick=function(ev) { if (!ev) var ev=window.event; var target=resolveTarget(ev);
 if (document.nestedSliders_savedOnClick)
  var retval=document.nestedSliders_savedOnClick.apply(this,arguments);
 // if click was inside a popup... leave transient panels alone
 var p=target; while (p) if (hasClass(p,"popup")) break; else p=p.parentNode;
 if (p) return retval;
 // if click was inside transient panel (or something contained by a transient panel), leave it alone
 var p=target; while (p) {
  if ((hasClass(p,"floatingPanel")||hasClass(p,"sliderPanel"))&&p.getAttribute("transient")=="true") break;
  p=p.parentNode;
 }
 if (p) return retval;
 // otherwise, find and close all transient panels...
 var all=document.all?document.all:document.getElementsByTagName("DIV");
 for (var i=0; i<all.length; i++) {
   // if it is not a transient panel, or the click was on the button that opened this panel, don't close it.
  if (all[i].getAttribute("transient")!="true" || all[i].button==target) continue;
  // otherwise, if the panel is currently visible, close it by clicking it's button
  if (all[i].style.display!="none") window.onClickNestedSlider({target:all[i].button})
  if (!hasClass(all[i],"floatingPanel")&&!hasClass(all[i],"sliderPanel")) all[i].style.display="none";
 }
 return retval;
};
//}}}
//{{{
// adjust floating panel position based on button position
if (window.adjustSliderPos==undefined) window.adjustSliderPos=function(place,btn,panel) {
 if (hasClass(panel,"floatingPanel") && !hasClass(panel,"undocked")) {
  // see [[MoveablePanelPlugin]] for use of 'undocked'
  var rightEdge=document.body.offsetWidth-1;
  var panelWidth=panel.offsetWidth;
  var left=0;
  var top=btn.offsetHeight;
  if (place.style.position=="relative" && findPosX(btn)+panelWidth>rightEdge) {
   left-=findPosX(btn)+panelWidth-rightEdge; // shift panel relative to button
   if (findPosX(btn)+left<0) left=-findPosX(btn); // stay within left edge
  }
  if (place.style.position!="relative") {
   var left=findPosX(btn);
   var top=findPosY(btn)+btn.offsetHeight;
   var p=place; while (p && !hasClass(p,'floatingPanel')) p=p.parentNode;
   if (p) { left-=findPosX(p); top-=findPosY(p); }
   if (left+panelWidth>rightEdge) left=rightEdge-panelWidth;
   if (left<0) left=0;
  }
  panel.style.left=left+"px"; panel.style.top=top+"px";
 }
}
//}}}
//{{{
// TW2.1 and earlier:
// hijack Slider stop handler so overflow is visible after animation has completed
Slider.prototype.coreStop = Slider.prototype.stop;
Slider.prototype.stop = function()
 { this.coreStop.apply(this,arguments); this.element.style.overflow = "visible"; }
// TW2.2+
// hijack Morpher stop handler so sliderPanel/floatingPanel overflow is visible after animation has completed
if (version.major+.1*version.minor+.01*version.revision>=2.2) {
 Morpher.prototype.coreStop = Morpher.prototype.stop;
 Morpher.prototype.stop = function() {
  this.coreStop.apply(this,arguments);
  var e=this.element;
  if (hasClass(e,"sliderPanel")||hasClass(e,"floatingPanel")) {
   // adjust panel overflow and position after animation
   e.style.overflow = "visible";
   if (window.adjustSliderPos) window.adjustSliderPos(e.parentNode,e.button,e);
  }
 };
}
//}}}
/* |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|
*/
//{{{
version.extensions.QuoteOfTheDayPlugin= {major: 1, minor: 4, revision: 1, date: new Date(2008,3,21)};
config.macros.QOTD = {
 clickTooltip: "click to view another item",
 timerTooltip: "auto-timer stopped... 'mouseout' to restart timer",
 timerClickTooltip: "auto-timer stopped... click to view another item, or 'mouseout' to restart timer",
 handler:
 function(place,macroName,params) {
 var tid=params.shift(); // source tiddler containing HR-separated quotes
 var p=params.shift();
 var click=true; // allow click for next item
 var inline=false; // wrap in slider for animation effect
 var random=true; // pick an item at random (default for "quote of the day" usage)
 var folder=false; // use local filesystem folder list
 var cookie=""; // default to no cookie
 var next=0; // default to first item (or random item)
 while (p) {
 if (p.toLowerCase()=="noclick") var click=false;
 if (p.toLowerCase()=="inline") var inline=true;
 if (p.toLowerCase()=="norandom") var random=false;
 if (p.toLowerCase().substr(0,7)=="cookie:") var cookie=p.substr(8);
 if (!isNaN(p)) var delay=p;
 p=params.shift();
 }
 if ((click||delay) && !inline) {
 var panel = createTiddlyElement(null,"div",null,"sliderPanel");
 panel.style.display="none";
 place.appendChild(panel);
 var here=createTiddlyElement(panel,click?"a":"span",null,"QOTD");
 }
 else
 var here=createTiddlyElement(place,click?"a":"span",null,"QOTD");
 here.id=(new Date()).convertToYYYYMMDDHHMMSSMMM()+Math.random().toString(); // unique ID
 // get items from tiddler or file list
 var list=store.getTiddlerText(tid,"");
 if (!list||!list.length) { // not a tiddler... maybe an image directory?
 var list=this.getImageFileList(tid);
 if (!list.length) { // maybe relative path... fixup and try again
 var h=document.location.href;
 var p=getLocalPath(decodeURIComponent(h.substr(0,h.lastIndexOf("/")+1)));
 var list=this.getImageFileList(p+tid);
 }
 }
 if (!list||!list.length) return false; // no contents... nothing to display!
 here.setAttribute("list",list);
 if (delay) here.setAttribute("delay",delay);
 here.setAttribute("random",random);
 here.setAttribute("cookie",cookie);
 if (click) {
 here.title=this.clickTooltip
 if (!inline) here.style.display="block";
 here.setAttribute("href","javascript:;");
 here.onclick=function(event)
 { config.macros.QOTD.showNextItem(this); }
 }
 if (config.options["txtQOTD_"+cookie]!=undefined) next=parseInt(config.options["txtQOTD_"+cookie]);
 here.setAttribute("nextItem",next);
 config.macros.QOTD.showNextItem(here);
 if (delay) {
 here.title=click?this.timerClickTooltip:this.timerTooltip
 here.onmouseover=function(event)
 { clearTimeout(this.ticker); };
 here.onmouseout=function(event)
 { this.ticker=setTimeout("config.macros.QOTD.tick('"+this.id+"')",this.getAttribute("delay")); };
 here.ticker=setTimeout("config.macros.QOTD.tick('"+here.id+"')",delay);
 }
 },
 tick: function(id) {
 var here=document.getElementById(id); if (!here) return;
 config.macros.QOTD.showNextItem(here);
 here.ticker=setTimeout("config.macros.QOTD.tick('"+id+"')",here.getAttribute("delay"));
 },
 showNextItem:
 function (here) {
 // hide containing slider panel (if any)
 var p=here.parentNode;
 if (p.className=="sliderPanel") p.style.display = "none"
 // get a new quote
 var index=here.getAttribute("nextItem");
 var items=here.getAttribute("list").split("\n----\n");
 if (index<0||index>=items.length) index=0;
 if (here.getAttribute("random")=="true") index=Math.floor(Math.random()*items.length);
 var txt=items[index];
 // re-render quote display element, and advance index counter
 removeChildren(here); wikify(txt,here);
 index++; here.setAttribute("nextItem",index);
 var cookie=here.getAttribute("cookie");
 if (cookie.length) {
 config.options["txtQOTD_"+cookie]=index.toString();
 saveOptionCookie("txtQOTD_"+cookie);
 }
 // redisplay slider panel (if any)
 if (p.className=="sliderPanel") {
 if(anim && config.options.chkAnimate)
 anim.startAnimating(new Slider(p,true,false,"none"));
 else p.style.display="block";
 }
 },
 getImageFileList: function(cwd) { // returns HR-separated list of image files
 function isImage(fn) {
 var ext=fn.substr(fn.length-3,3).toLowerCase();
 return ext=="jpg"||ext=="gif"||ext=="png";
 }
 var files=[];
 if (config.browser.isIE) {
 cwd=cwd.replace(/\//g,"\\");
 // IE uses ActiveX to read filesystem info
 var fso = new ActiveXObject("Scripting.FileSystemObject");
 if(!fso.FolderExists(cwd)) return [];
 var dir=fso.GetFolder(cwd);
 for(var f=new Enumerator(dir.Files); !f.atEnd(); f.moveNext())
 if (isImage(f.item().path)) files.push("[img[%0]]".format(["file:///"+f.item().path.replace(/\\/g,"/")]));
 } else {
 // FireFox (mozilla) uses "components" to read filesystem info
 // get security access
 if(!window.Components) return;
 try { netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect"); }
 catch(e) { alert(e.description?e.description:e.toString()); return []; }
 // open/validate directory
 var file=Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
 try { file.initWithPath(cwd); } catch(e) { return []; }
 if (!file.exists() || !file.isDirectory()) { return []; }
 var folder=file.directoryEntries;
 while (folder.hasMoreElements()) {
 var f=folder.getNext().QueryInterface(Components.interfaces.nsILocalFile);
 if (f instanceof Components.interfaces.nsILocalFile)
 if (isImage(f.path)) files.push("[img[%0]]".format(["file:///"+f.path.replace(/\\/g,"/")]));
 }
 }
 return files.join("\n----\n");
 }
}
//}}}
/% |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|
!end
!show
<<tiddler {{
 var here=story.findContainingTiddler(place); if (here) {
  var nodes=here.getElementsByTagName("*");
  for (var i=0; i<nodes.length; i++) if (hasClass(nodes[i],"title"))
   { removeChildren(nodes[i]); wikify("$1",nodes[i]); break; }
 }
'';}}>>
!end
%/<<tiddler {{'.ReplaceTiddlerTitle##'+('$1'=='$'+'1'?'info':'show')}} with: [[$1]]>>
/* |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|
*/
//{{{
version.extensions.SinglePageModePlugin= {major: 2, minor: 9, revision: 7, date: new Date(2010,11,30)};
//}}}
//{{{
config.paramifiers.SPM = { onstart: function(v) {
 config.options.chkSinglePageMode=eval(v);
 if (config.options.chkSinglePageMode && config.options.chkSinglePagePermalink && !config.browser.isSafari) {
 config.lastURL = window.location.hash;
 if (!config.SPMTimer) config.SPMTimer=window.setInterval(function() {checkLastURL();},1000);
 }
} };
//}}}
//{{{
if (config.options.chkSinglePageMode==undefined)
 config.options.chkSinglePageMode=false;
if (config.options.chkSinglePagePermalink==undefined)
 config.options.chkSinglePagePermalink=true;
if (config.options.chkSinglePageKeepFoldedTiddlers==undefined)
 config.options.chkSinglePageKeepFoldedTiddlers=false;
if (config.options.chkSinglePageKeepEditedTiddlers==undefined)
 config.options.chkSinglePageKeepEditedTiddlers=false;
if (config.options.chkTopOfPageMode==undefined)
 config.options.chkTopOfPageMode=false;
if (config.options.chkBottomOfPageMode==undefined)
 config.options.chkBottomOfPageMode=false;
if (config.options.chkSinglePageAutoScroll==undefined)
 config.options.chkSinglePageAutoScroll=false;
//}}}
//{{{
config.SPMTimer = 0;
config.lastURL = window.location.hash;
function checkLastURL()
{
 if (!config.options.chkSinglePageMode)
 { window.clearInterval(config.SPMTimer); config.SPMTimer=0; return; }
 if (config.lastURL == window.location.hash) return; // no change in hash
 var tids=decodeURIComponent(window.location.hash.substr(1)).readBracketedList();
 if (tids.length==1) // permalink (single tiddler in URL)
 story.displayTiddler(null,tids[0]);
 else { // restore permaview or default view
 config.lastURL = window.location.hash;
 if (!tids.length) tids=store.getTiddlerText("DefaultTiddlers").readBracketedList();
 story.closeAllTiddlers();
 story.displayTiddlers(null,tids);
 }
}
if (Story.prototype.SPM_coreDisplayTiddler==undefined)
 Story.prototype.SPM_coreDisplayTiddler=Story.prototype.displayTiddler;
Story.prototype.displayTiddler = function(srcElement,tiddler,template,animate,slowly)
{
 var title=(tiddler instanceof Tiddler)?tiddler.title:tiddler;
 var tiddlerElem=story.getTiddler(title); // ==null unless tiddler is already displayed
 var opt=config.options;
 var single=opt.chkSinglePageMode && !startingUp;
 var top=opt.chkTopOfPageMode && !startingUp;
 var bottom=opt.chkBottomOfPageMode && !startingUp;
 if (single) {
 story.forEachTiddler(function(tid,elem) {
 // skip current tiddler and, optionally, tiddlers that are folded.
 if ( tid==title
 || (opt.chkSinglePageKeepFoldedTiddlers && elem.getAttribute("folded")=="true"))
 return;
 // if a tiddler is being edited, ask before closing
 if (elem.getAttribute("dirty")=="true") {
 if (opt.chkSinglePageKeepEditedTiddlers) return;
 // if tiddler to be displayed is already shown, then leave active tiddler editor as is
 // (occurs when switching between view and edit modes)
 if (tiddlerElem) return;
 // otherwise, ask for permission
 var msg="'"+tid+"' is currently being edited.\n\n";
 msg+="Press OK to save and close this tiddler\nor press Cancel to leave it opened";
 if (!confirm(msg)) return; else story.saveTiddler(tid);
 }
 story.closeTiddler(tid);
 });
 }
 else if (top)
 arguments[0]=null;
 else if (bottom)
 arguments[0]="bottom";
 if (single && opt.chkSinglePagePermalink && !config.browser.isSafari) {
 window.location.hash = encodeURIComponent(String.encodeTiddlyLink(title));
 config.lastURL = window.location.hash;
 document.title = wikifyPlain("SiteTitle") + " - " + title;
 if (!config.SPMTimer) config.SPMTimer=window.setInterval(function() {checkLastURL();},1000);
 }
 if (tiddlerElem && tiddlerElem.getAttribute("dirty")=="true") { // editing... move tiddler without re-rendering
 var isTopTiddler=(tiddlerElem.previousSibling==null);
 if (!isTopTiddler && (single || top))
 tiddlerElem.parentNode.insertBefore(tiddlerElem,tiddlerElem.parentNode.firstChild);
 else if (bottom)
 tiddlerElem.parentNode.insertBefore(tiddlerElem,null);
 else this.SPM_coreDisplayTiddler.apply(this,arguments); // let CORE render tiddler
 } else
 this.SPM_coreDisplayTiddler.apply(this,arguments); // let CORE render tiddler
 var tiddlerElem=story.getTiddler(title);
 if (tiddlerElem&&opt.chkSinglePageAutoScroll) {
 // scroll to top of page or top of tiddler
 var isTopTiddler=(tiddlerElem.previousSibling==null);
 var yPos=isTopTiddler?0:ensureVisible(tiddlerElem);
 // if animating, defer scroll until after animation completes
 var delay=opt.chkAnimate?config.animDuration+10:0;
 setTimeout("window.scrollTo(0,"+yPos+")",delay);
 }
}
if (Story.prototype.SPM_coreDisplayTiddlers==undefined)
 Story.prototype.SPM_coreDisplayTiddlers=Story.prototype.displayTiddlers;
Story.prototype.displayTiddlers = function() {
 // suspend single/top/bottom modes when showing multiple tiddlers
 var opt=config.options;
 var saveSPM=opt.chkSinglePageMode; opt.chkSinglePageMode=false;
 var saveTPM=opt.chkTopOfPageMode; opt.chkTopOfPageMode=false;
 var saveBPM=opt.chkBottomOfPageMode; opt.chkBottomOfPageMode=false;
 this.SPM_coreDisplayTiddlers.apply(this,arguments);
 opt.chkBottomOfPageMode=saveBPM;
 opt.chkTopOfPageMode=saveTPM;
 opt.chkSinglePageMode=saveSPM;
}
//}}}
/* |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements| */
//{{{
version.extensions.WikifyPlugin= {major: 1, minor: 1, revision: 4, date: new Date(2009,3,29)};
config.macros.wikify={
 handler: function(place,macroName,params,wikifier,paramString,tiddler) {
  var fmt=params.shift();
  var values=[];
  var out="";
  if (!fmt.match(/\%[0-9]/g) && params.length) // format has no markers, just join all params with spaces
   out=fmt+" "+params.join(" ");
  else { // format param has markers, get values and perform substitution
   while (p=params.shift()) values.push(this.getFieldReference(place,p));
   out=fmt.format(values);
  }
  if (macroName=="wikiCalc") out=eval(out).toString();
  wikify(out.unescapeLineBreaks(),place,null,tiddler);
 },
 getFieldReference: function(place,p) { // "slicename::tiddlername" or "fieldname@tiddlername" or "fieldname"
  if (typeof p != "string") return p; // literal non-string value... just return it...
  var parts=p.split(config.textPrimitives.sliceSeparator);
  if (parts.length==2) {// maybe a slice reference?
   var tid=parts[0]; var slice=parts[1];
   if (!tid || !tid.length || tid=="here") { // no target (or "here"), use containing tiddler
    tid=story.findContainingTiddler(place);
    if (tid) tid=tid.getAttribute("tiddler")
    else tid="SiteSlices"; // fallback for 'non-tiddler' areas (e.g, header, sidebar, etc.)
   }
   var val=store.getTiddlerSlice(tid,slice); // get tiddler slice value
  }
  if (val==undefined) {// not a slice, or slice not found, maybe a field reference?
   var parts=p.split("@");
   var field=parts[0];
   if (!field || !field.length) field="checked"; // missing fieldname, fallback: checked@tiddlername
   var tid=parts[1];
   if (!tid || !tid.length || tid=="here") { // no target (or "here"), use containing tiddler
    tid=story.findContainingTiddler(place);
    if (tid) tid=tid.getAttribute("tiddler")
    else tid="SiteFields"; // fallback for 'non-tiddler' areas (e.g, header, sidebar, etc.)
   }
   var val=store.getValue(tid,field);
  }
  // not a slice or field, or slice/field not found... return value unchanged
  return val===undefined?p:val;
 }
}
//}}}
//{{{
// define alternative macroName for triggering pre-rendering call to eval()
config.macros.wikiCalc=config.macros.wikify;
//}}}
<!--{{{-->
<span class='yourSearchNumber' macro='foundTiddler number'></span>
<span class='yourSearchTitle' macro='foundTiddler title text 100'/></span> —
<span class='yourSearchTags' macro='foundTiddler field tags 0'/></span>
<!--}}}-->
/* |YourSearchPlugin v2.1.6 (2012-04-19)|http://tiddlywiki.abego-software.de/#YourSearchPlugin|https://github.com/abego/YourSearchPlugin|
|Author|UdoBorkowski (ub [at] abego-software [dot] de)|[[BSD open source license|http://www.abego-software.de/legal/apl-v10.html]]| */
///%
if(!version.extensions.YourSearchPlugin){version.extensions.YourSearchPlugin={major:2,minor:1,revision:6,source:"http://tiddlywiki.abego-software.de/#YourSearchPlugin",licence:"[[BSD open source license (abego Software)|http://www.abego-software.de/legal/apl-v10.html]]",copyright:"Copyright (c) abego Software GmbH, 2005-2012 (www.abego-software.de)"};if(!window.abego){window.abego={}}if(!Array.forEach){Array.forEach=function(c,e,d){for(var b=0,a=c.length;b<a;b++){e.call(d,c[b],b,c)}};Array.prototype.forEach=function(d,c){for(var b=0,a=this.length;b<a;b++){d.call(c,this[b],b,this)}}}abego.toInt=function(b,a){if(!b){return a}var c=parseInt(b);return(c==NaN)?a:c};abego.createEllipsis=function(a){var b=createTiddlyElement(a,"span");b.innerHTML="&hellip;"};abego.shallowCopy=function(b){if(!b){return b}var a={};for(var c in b){a[c]=b[c]}return a};abego.copyOptions=function(a){return !a?{}:abego.shallowCopy(a)};abego.countStrings=function(d,c){if(!c){return 0}var a=c.length;var f=0;var e=0;while(true){var b=d.indexOf(c,e);if(b<0){return f}f++;e=b+a}return f};abego.getBracedText=function(j,e,a){if(!e){e=0}var k=/\{([^\}]*)\}/gm;k.lastIndex=e;var d=k.exec(j);if(d){var l=d[1];var b=abego.countStrings(l,"{");if(!b){if(a){a.lastIndex=k.lastIndex}return l}var g=j.length;for(var f=k.lastIndex;f<g&&b;f++){var h=j.charAt(f);if(h=="{"){b++}else{if(h=="}"){b--}}}if(!b){if(a){a.lastIndex=f-1}return j.substring(d.index+1,f-1)}}};abego.select=function(d,c,b,a){if(!a){a=[]}d.forEach(function(e){if(c.call(b,e)){a.push(e)}});return a};abego.consumeEvent=function(a){if(a.stopPropagation){a.stopPropagation()}if(a.preventDefault){a.preventDefault()}a.cancelBubble=true;a.returnValue=true};abego.TiddlerFilterTerm=function(d,b){if(!b){b={}}var c=d;if(!b.textIsRegExp){c=d.escapeRegExp();if(b.fullWordMatch){c="\\b"+c+"\\b"}}var a=new RegExp(c,"m"+(b.caseSensitive?"":"i"));this.tester=new abego.MultiFieldRegExpTester(a,b.fields,b.withExtendedFields)};abego.TiddlerFilterTerm.prototype.test=function(a){return this.tester.test(a)};abego.parseNewTiddlerCommandLine=function(c){var a=/(.*?)\.(?:\s+|$)([^#]*)(#.*)?/.exec(c);if(!a){a=/([^#]*)()(#.*)?/.exec(c)}if(a){var d;if(a[3]){var b=a[3].replace(/#/g,"");d=b.parseParams("tag")}else{d=[[]]}var e=a[2]?a[2].trim():"";d.push({name:"text",value:e});d[0].text=[e];return{title:a[1].trim(),params:d}}else{return{title:c.trim(),params:[[]]}}};abego.parseTiddlerFilterTerm=function(queryText,offset,options){var re=/\s*(?:(?:\{([^\}]*)\})|(?:(=)|([#%!])|(?:(\w+)\s*\:(?!\/\/))|(?:(?:("(?:(?:\\")|[^"])+")|(?:\/((?:(?:\\\/)|[^\/])+)\/)|(\w+\:\/\/[^\s]+)|([^\s\)\-\"]+)))))/mg;var shortCuts={"!":"title","%":"text","#":"tags"};var fieldNames={};var fullWordMatch=false;re.lastIndex=offset;while(true){var i=re.lastIndex;var m=re.exec(queryText);if(!m||m.index!=i){throw"Word or String literal expected"}if(m[1]){var lastIndexRef={};var code=abego.getBracedText(queryText,0,lastIndexRef);if(!code){throw"Invalid {...} syntax"}var f=Function("tiddler","return ("+code+");");return{func:f,lastIndex:lastIndexRef.lastIndex,markRE:null}}if(m[2]){fullWordMatch=true}else{if(m[3]){fieldNames[shortCuts[m[3]]]=1}else{if(m[4]){fieldNames[m[4]]=1}else{var textIsRegExp=m[6];var text=m[5]?window.eval(m[5]):m[6]?m[6]:m[7]?m[7]:m[8];options=abego.copyOptions(options);options.fullWordMatch=fullWordMatch;options.textIsRegExp=textIsRegExp;var fields=[];for(var n in fieldNames){fields.push(n)}if(fields.length==0){options.fields=options.defaultFields}else{options.fields=fields;options.withExtendedFields=false}var term=new abego.TiddlerFilterTerm(text,options);var markREText=textIsRegExp?text:text.escapeRegExp();if(markREText&&fullWordMatch){markREText="\\b"+markREText+"\\b"}return{func:function(tiddler){return term.test(tiddler)},lastIndex:re.lastIndex,markRE:markREText?"(?:"+markREText+")":null}}}}}};abego.BoolExp=function(i,c,j){this.s=i;var h=j&&j.defaultOperationIs_OR;var e=/\s*\)/g;var f=/\s*(?:(and|\&\&)|(or|\|\|))/gi;var b=/\s*(\-|not)?(\s*\()?/gi;var a;var d=function(p){b.lastIndex=p;var l=b.exec(i);var o=false;var k=null;if(l&&l.index==p){p+=l[0].length;o=l[1];if(l[2]){var n=a(p);e.lastIndex=n.lastIndex;if(!e.exec(i)){throw"Missing ')'"}k={func:n.func,lastIndex:e.lastIndex,markRE:n.markRE}}}if(!k){k=c(i,p,j)}if(o){k.func=(function(m){return function(q){return !m(q)}})(k.func);k.markRE=null}return k};a=function(s){var n=d(s);while(true){var p=n.lastIndex;f.lastIndex=p;var k=f.exec(i);var o;var q;if(k&&k.index==p){o=!k[1];q=d(f.lastIndex)}else{try{q=d(p)}catch(r){return n}o=h}n.func=(function(t,m,l){return l?function(u){return t(u)||m(u)}:function(u){return t(u)&&m(u)}})(n.func,q.func,o);n.lastIndex=q.lastIndex;if(!n.markRE){n.markRE=q.markRE}else{if(q.markRE){n.markRE=n.markRE+"|"+q.markRE}}}};var g=a(0);this.evalFunc=g.func;if(g.markRE){this.markRegExp=new RegExp(g.markRE,j.caseSensitive?"mg":"img")}};abego.BoolExp.prototype.exec=function(){return this.evalFunc.apply(this,arguments)};abego.BoolExp.prototype.getMarkRegExp=function(){return this.markRegExp};abego.BoolExp.prototype.toString=function(){return this.s};abego.MultiFieldRegExpTester=function(b,a,c){this.re=b;this.fields=a?a:["title","text","tags"];this.withExtendedFields=c};abego.MultiFieldRegExpTester.prototype.test=function(b){var d=this.re;for(var a=0;a<this.fields.length;a++){var c=store.getValue(b,this.fields[a]);if(typeof c=="string"&&d.test(c)){return this.fields[a]}}if(this.withExtendedFields){return store.forEachField(b,function(e,g,f){return typeof f=="string"&&d.test(f)?g:null},true)}return null};abego.TiddlerQuery=function(b,a,d,c,e){if(d){this.regExp=new RegExp(b,a?"mg":"img");this.tester=new abego.MultiFieldRegExpTester(this.regExp,c,e)}else{this.expr=new abego.BoolExp(b,abego.parseTiddlerFilterTerm,{defaultFields:c,caseSensitive:a,withExtendedFields:e})}this.getQueryText=function(){return b};this.getUseRegExp=function(){return d};this.getCaseSensitive=function(){return a};this.getDefaultFields=function(){return c};this.getWithExtendedFields=function(){return e}};abego.TiddlerQuery.prototype.test=function(a){if(!a){return false}if(this.regExp){return this.tester.test(a)}return this.expr.exec(a)};abego.TiddlerQuery.prototype.filter=function(a){return abego.select(a,this.test,this)};abego.TiddlerQuery.prototype.getMarkRegExp=function(){if(this.regExp){return"".search(this.regExp)>=0?null:this.regExp}return this.expr.getMarkRegExp()};abego.TiddlerQuery.prototype.toString=function(){return(this.regExp?this.regExp:this.expr).toString()};abego.PageWiseRenderer=function(){this.firstIndexOnPage=0};merge(abego.PageWiseRenderer.prototype,{setItems:function(a){this.items=a;this.setFirstIndexOnPage(0)},getMaxPagesInNavigation:function(){return 10},getItemsCount:function(a){return this.items?this.items.length:0},getCurrentPageIndex:function(){return Math.floor(this.firstIndexOnPage/this.getItemsPerPage())},getLastPageIndex:function(){return Math.floor((this.getItemsCount()-1)/this.getItemsPerPage())},setFirstIndexOnPage:function(a){this.firstIndexOnPage=Math.min(Math.max(0,a),this.getItemsCount()-1)},getFirstIndexOnPage:function(){this.firstIndexOnPage=Math.floor(this.firstIndexOnPage/this.getItemsPerPage())*this.getItemsPerPage();return this.firstIndexOnPage},getLastIndexOnPage:function(){return Math.min(this.getFirstIndexOnPage()+this.getItemsPerPage()-1,this.getItemsCount()-1)},onPageChanged:function(a,b){},renderPage:function(a){if(a.beginRendering){a.beginRendering(this)}try{if(this.getItemsCount()){var d=this.getLastIndexOnPage();var c=-1;for(var b=this.getFirstIndexOnPage();b<=d;b++){c++;a.render(this,this.items[b],b,c)}}}finally{if(a.endRendering){a.endRendering(this)}}},addPageNavigation:function(c){if(!this.getItemsCount()){return}var k=this;var g=function(n){if(!n){n=window.event}abego.consumeEvent(n);var i=abego.toInt(this.getAttribute("page"),0);var m=k.getCurrentPageIndex();if(i==m){return}var l=i*k.getItemsPerPage();k.setFirstIndexOnPage(l);k.onPageChanged(i,m)};var e;var h=this.getCurrentPageIndex();var f=this.getLastPageIndex();if(h>0){e=createTiddlyButton(c,"Précédent","Page précédente (Raccourci: Alt-'<')",g,"prev");e.setAttribute("page",(h-1).toString());e.setAttribute("accessKey","<")}for(var d=-this.getMaxPagesInNavigation();d<this.getMaxPagesInNavigation();d++){var b=h+d;if(b<0){continue}if(b>f){break}var a=(d+h+1).toString();var j=b==h?"currentPage":"otherPage";e=createTiddlyButton(c,a,"Aller page %0".format([a]),g,j);e.setAttribute("page",(b).toString())}if(h<f){e=createTiddlyButton(c,"Suivant","Page suivante (Raccourci: Alt-'>')",g,"next");e.setAttribute("page",(h+1).toString());e.setAttribute("accessKey",">")}}});abego.LimitedTextRenderer=function(){var l=40;var c=4;var k=function(p,z,v){var q=p.length;if(q==0){p.push({start:z,end:v});return}var u=0;for(;u<q;u++){var w=p[u];if(w.start<=v&&z<=w.end){var o;var s=u+1;for(;s<q;s++){o=p[s];if(o.start>v||z>w.end){break}}var x=z;var y=v;for(var t=u;t<s;t++){o=p[t];x=Math.min(x,o.start);y=Math.max(y,o.end)}p.splice(u,s-u,{start:x,end:y});return}if(w.start>v){break}}p.splice(u,0,{start:z,end:v})};var d=function(n){var q=0;for(var p=0;p<n.length;p++){var o=n[p];q+=o.end-o.start}return q};var b=function(n){return(n>="a"&&n<="z")||(n>="A"&&n<="Z")||n=="_"};var f=function(p,r){if(!b(p[r])){return null}for(var o=r-1;o>=0&&b(p[o]);o--){}var q=o+1;var t=p.length;for(o=r+1;o<t&&b(p[o]);o++){}return{start:q,end:o}};var a=function(o,q,p){var n;if(p){n=f(o,q)}else{if(q<=0){return q}n=f(o,q-1)}if(!n){return q}if(p){if(n.start>=q-c){return n.start}if(n.end<=q+c){return n.end}}else{if(n.end<=q+c){return n.end}if(n.start>=q-c){return n.start}}return q};var j=function(r,q){var n=[];if(q){var u=0;do{q.lastIndex=u;var o=q.exec(r);if(o){if(u<o.index){var p=r.substring(u,o.index);n.push({text:p})}n.push({text:o[0],isMatch:true});u=o.index+o[0].length}else{n.push({text:r.substr(u)});break}}while(true)}else{n.push({text:r})}return n};var i=function(p){var n=0;for(var o=0;o<p.length;o++){if(p[o].isMatch){n++}}return n};var h=function(v,u,q,t,o){var w=Math.max(Math.floor(o/(t+1)),l);var n=Math.max(w-(q-u),0);var r=Math.min(Math.floor(q+n/3),v.length);var p=Math.max(r-w,0);p=a(v,p,true);r=a(v,r,false);return{start:p,end:r}};var m=function(r,y,o){var n=[];var v=i(r);var u=0;for(var p=0;p<r.length;p++){var x=r[p];var w=x.text;if(x.isMatch){var q=h(y,u,u+w.length,v,o);k(n,q.start,q.end)}u+=w.length}return n};var g=function(t,p,o){var n=o-d(p);while(n>0){if(p.length==0){k(p,0,a(t,o,false));return}else{var q=p[0];var v;var r;if(q.start==0){v=q.end;if(p.length>1){r=p[1].start}else{k(p,v,a(t,v+n,false));return}}else{v=0;r=q.start}var u=Math.min(r,v+n);k(p,v,u);n-=(u-v)}}};var e=function(p,x,w,n,o){if(n.length==0){return}var u=function(z,I,D,F,C){var H;var G;var E=0;var B=0;var A=0;for(;B<D.length;B++){H=D[B];G=H.text;if(F<E+G.length){A=F-E;break}E+=G.length}var y=C-F;for(;B<D.length&&y>0;B++){H=D[B];G=H.text.substr(A);A=0;if(G.length>y){G=G.substr(0,y)}if(H.isMatch){createTiddlyElement(z,"span",null,"marked",G)}else{createTiddlyText(z,G)}y-=G.length}if(C<I.length){abego.createEllipsis(z)}};if(n[0].start>0){abego.createEllipsis(p)}var q=o;for(var r=0;r<n.length&&q>0;r++){var t=n[r];var v=Math.min(t.end-t.start,q);u(p,x,w,t.start,t.start+v);q-=v}};this.render=function(p,q,o,t){if(q.length<o){o=q.length}var r=j(q,t);var n=m(r,q,o);g(q,n,o);e(p,q,r,n,o)}};(function(){function alertAndThrow(msg){alert(msg);throw msg}if(version.major<2||(version.major==2&&version.minor<1)){alertAndThrow("YourSearchPlugin requires TiddlyWiki 2.1 or newer.\n\nCheck the archive for YourSearch plugins\nsupporting older versions of TiddlyWiki.\n\nArchive: http://tiddlywiki.abego-software.de/archive")}abego.YourSearch={};var lastResults=undefined;var lastQuery=undefined;var setLastResults=function(array){lastResults=array};var getLastResults=function(){return lastResults?lastResults:[]};var getLastResultsCount=function(){return lastResults?lastResults.length:0};var matchInTitleWeight=4;var precisionInTitleWeight=10;var matchInTagsWeight=2;var getMatchCount=function(s,re){var m=s.match(re);return m?m.length:0};var standardRankFunction=function(tiddler,query){var markRE=query.getMarkRegExp();if(!markRE){return 1}var matchesInTitle=tiddler.title.match(markRE);var nMatchesInTitle=matchesInTitle?matchesInTitle.length:0;var nMatchesInTags=getMatchCount(tiddler.getTags(),markRE);var lengthOfMatchesInTitle=matchesInTitle?matchesInTitle.join("").length:0;var precisionInTitle=tiddler.title.length>0?lengthOfMatchesInTitle/tiddler.title.length:0;var rank=nMatchesInTitle*matchInTitleWeight+nMatchesInTags*matchInTagsWeight+precisionInTitle*precisionInTitleWeight+1;return rank};var findMatches=function(store,searchText,caseSensitive,useRegExp,sortField,excludeTag){lastQuery=null;var candidates=store.reverseLookup("tags",excludeTag,false);try{var defaultFields=[];if(config.options.chkSearchInTitle){defaultFields.push("title")}if(config.options.chkSearchInText){defaultFields.push("text")}if(config.options.chkSearchInTags){defaultFields.push("tags")}lastQuery=new abego.TiddlerQuery(searchText,caseSensitive,useRegExp,defaultFields,config.options.chkSearchExtendedFields)}catch(e){return[]}var results=lastQuery.filter(candidates);var rankFunction=abego.YourSearch.getRankFunction();for(var i=0;i<results.length;i++){var tiddler=results[i];var rank=rankFunction(tiddler,lastQuery);tiddler.searchRank=rank}if(!sortField){sortField="title"}var sortFunction=function(a,b){var searchRankDiff=a.searchRank-b.searchRank;if(searchRankDiff==0){if(a[sortField]==b[sortField]){return(0)}else{return(a[sortField]<b[sortField])?-1:+1}}else{return(searchRankDiff>0)?-1:+1}};results.sort(sortFunction);return results};var maxCharsInTitle=80;var maxCharsInTags=50;var maxCharsInText=250;var maxCharsInField=50;var itemsPerPageDefault=25;var itemsPerPageWithPreviewDefault=10;var yourSearchResultID="yourSearchResult";var yourSearchResultItemsID="yourSearchResultItems";var lastSearchText=null;var resultElement=null;var searchInputField=null;var searchButton=null;var lastNewTiddlerButton=null;var initStylesheet=function(){if(version.extensions.YourSearchPlugin.styleSheetInited){return}version.extensions.YourSearchPlugin.styleSheetInited=true;setStylesheet(store.getTiddlerText("YourSearchStyleSheet"),"yourSearch")};var isResultOpen=function(){return resultElement!=null&&resultElement.parentNode==document.body};var closeResult=function(){if(isResultOpen()){document.body.removeChild(resultElement)}};var closeResultAndDisplayTiddler=function(e){closeResult();var title=this.getAttribute("tiddlyLink");if(title){var withHilite=this.getAttribute("withHilite");var oldHighlightHack=highlightHack;if(withHilite&&withHilite=="true"&&lastQuery){highlightHack=lastQuery.getMarkRegExp()}story.displayTiddler(this,title);highlightHack=oldHighlightHack}return(false)};var adjustResultPositionAndSize=function(){if(!searchInputField){return}var root=searchInputField;var rootLeft=findPosX(root);var rootTop=findPosY(root);var rootHeight=root.offsetHeight;var popupLeft=rootLeft;var popupTop=rootTop+rootHeight;var winWidth=findWindowWidth();if(winWidth<resultElement.offsetWidth){resultElement.style.width=(winWidth-100)+"px";winWidth=findWindowWidth()}var popupWidth=resultElement.offsetWidth;if(popupLeft+popupWidth>winWidth){popupLeft=winWidth-popupWidth-30}if(popupLeft<0){popupLeft=0}resultElement.style.left=popupLeft+"px";resultElement.style.top=popupTop+"px";resultElement.style.display="block"};var scrollVisible=function(){if(resultElement){window.scrollTo(0,ensureVisible(resultElement))}if(searchInputField){window.scrollTo(0,ensureVisible(searchInputField))}};var ensureResultIsDisplayedNicely=function(){adjustResultPositionAndSize();scrollVisible()};var indexInPage=undefined;var currentTiddler=undefined;var pager=new abego.PageWiseRenderer();var MyItemRenderer=function(parent){this.itemHtml=store.getTiddlerText(".YourSearchItemTemplate");if(!this.itemHtml){alertAndThrow(".YourSearchItemTemplate not found")}this.place=document.getElementById(yourSearchResultItemsID);if(!this.place){this.place=createTiddlyElement(parent,"div",yourSearchResultItemsID)}};merge(MyItemRenderer.prototype,{render:function(pager,object,index,indexOnPage){indexInPage=indexOnPage;currentTiddler=object;var item=createTiddlyElement(this.place,"div",null,"yourSearchItem");item.innerHTML=this.itemHtml;applyHtmlMacros(item,null);refreshElements(item,null)},endRendering:function(pager){currentTiddler=null}});var refreshResult=function(){if(!resultElement||!searchInputField){return}var html=store.getTiddlerText("YourSearchResultTemplate");if(!html){html="<b>Tiddler YourSearchResultTemplate not found</b>"}resultElement.innerHTML=html;applyHtmlMacros(resultElement,null);refreshElements(resultElement,null);var itemRenderer=new MyItemRenderer(resultElement);pager.renderPage(itemRenderer);ensureResultIsDisplayedNicely()};pager.getItemsPerPage=function(){var n=(config.options.chkPreviewText)?abego.toInt(config.options.txtItemsPerPageWithPreview,itemsPerPageWithPreviewDefault):abego.toInt(config.options.txtItemsPerPage,itemsPerPageDefault);return(n>0)?n:1};pager.onPageChanged=function(){refreshResult()};var reopenResultIfApplicable=function(){if(searchInputField==null||!config.options.chkUseYourSearch){return}if((searchInputField.value==lastSearchText)&&lastSearchText&&!isResultOpen()){if(resultElement&&(resultElement.parentNode!=document.body)){document.body.appendChild(resultElement);ensureResultIsDisplayedNicely()}else{abego.YourSearch.onShowResult(true)}}};var invalidateResult=function(){closeResult();resultElement=null;lastSearchText=null};var isDescendantOrSelf=function(self,e){while(e!=null){if(self==e){return true}e=e.parentNode}return false};var onDocumentClick=function(e){if(e.target==searchInputField){return}if(e.target==searchButton){return}if(resultElement&&isDescendantOrSelf(resultElement,e.target)){return}closeResult()};var onDocumentKeyup=function(e){if(e.keyCode==27){closeResult()}};addEvent(document,"click",onDocumentClick);addEvent(document,"keyup",onDocumentKeyup);var myStorySearch=function(text,useCaseSensitive,useRegExp){lastSearchText=text;setLastResults(findMatches(store,text,useCaseSensitive,useRegExp,"title","excludeSearch"));abego.YourSearch.onShowResult()};var myMacroSearchHandler=function(place,macroName,params,wikifier,paramString,tiddler){initStylesheet();lastSearchText="";var searchTimeout=null;var doSearch=function(txt){if(config.options.chkUseYourSearch){myStorySearch(txt.value,config.options.chkCaseSensitiveSearch,config.options.chkRegExpSearch)}else{story.search(txt.value,config.options.chkCaseSensitiveSearch,config.options.chkRegExpSearch)}lastSearchText=txt.value};var clickHandler=function(e){doSearch(searchInputField);return false};var keyHandler=function(e){if(!e){e=window.event}searchInputField=this;switch(e.keyCode){case 13:if(e.ctrlKey&&lastNewTiddlerButton&&isResultOpen()){lastNewTiddlerButton.onclick.apply(lastNewTiddlerButton,[e])}else{doSearch(this)}break;case 27:if(isResultOpen()){closeResult()}else{this.value="";clearMessage()}break}if(String.fromCharCode(e.keyCode)==this.accessKey||e.altKey){reopenResultIfApplicable()}if(this.value.length<3&&searchTimeout){clearTimeout(searchTimeout)}if(this.value.length>2){if(this.value!=lastSearchText){if(!config.options.chkUseYourSearch||config.options.chkSearchAsYouType){if(searchTimeout){clearTimeout(searchTimeout)}var txt=this;searchTimeout=setTimeout(function(){doSearch(txt)},500)}}else{if(searchTimeout){clearTimeout(searchTimeout)}}}if(this.value.length==0){closeResult()}};var focusHandler=function(e){this.select();clearMessage();reopenResultIfApplicable()};var args=paramString.parseParams("list",null,true);var buttonAtRight=getFlag(args,"buttonAtRight");var sizeTextbox=getParam(args,"sizeTextbox",this.sizeTextbox);var txt=createTiddlyElement(null,"input",null,"txtOptionInput searchField",null);if(params[0]){txt.value=params[0]}txt.onkeyup=keyHandler;txt.onfocus=focusHandler;txt.setAttribute("size",sizeTextbox);txt.setAttribute("accessKey",this.accessKey);txt.setAttribute("autocomplete","off");if(config.browser.isSafari){txt.setAttribute("type","search");txt.setAttribute("results","5")}else{if(!config.browser.isIE){txt.setAttribute("type","text")}}var btn=createTiddlyButton(null,this.label,this.prompt,clickHandler);if(place){if(!buttonAtRight){place.appendChild(btn)}place.appendChild(txt);if(buttonAtRight){place.appendChild(btn)}}searchInputField=txt;searchButton=btn};var openAllFoundTiddlers=function(){closeResult();var results=getLastResults();var n=results.length;if(n){var titles=[];for(var i=0;i<n;i++){titles.push(results[i].title)}story.displayTiddlers(null,titles)}};var createOptionWithRefresh=function(place,optionParams,wikifier,tiddler){invokeMacro(place,"option",optionParams,wikifier,tiddler);var elem=place.lastChild;var oldOnClick=elem.onclick;elem.onclick=function(e){var result=oldOnClick.apply(this,arguments);refreshResult();return result};return elem};var removeTextDecoration=function(s){var removeThis=["''","{{{","}}}","//","<<<","/***","***/"];var reText="";for(var i=0;i<removeThis.length;i++){if(i!=0){reText+="|"}reText+="("+removeThis[i].escapeRegExp()+")"}return s.replace(new RegExp(reText,"mg"),"").trim()};var getShortCutNumber=function(){var i=indexInPage;return(i>=0&&i<=9)?(i<9?(i+1):0):-1};var limitedTextRenderer=new abego.LimitedTextRenderer();var renderLimitedText=function(place,s,maxLen){limitedTextRenderer.render(place,s,maxLen,lastQuery.getMarkRegExp())};var oldTiddlyWikiSaveTiddler=TiddlyWiki.prototype.saveTiddler;TiddlyWiki.prototype.saveTiddler=function(title,newTitle,newBody,modifier,modified,tags,fields){oldTiddlyWikiSaveTiddler.apply(this,arguments);invalidateResult()};var oldTiddlyWikiRemoveTiddler=TiddlyWiki.prototype.removeTiddler;TiddlyWiki.prototype.removeTiddler=function(title){oldTiddlyWikiRemoveTiddler.apply(this,arguments);invalidateResult()};config.macros.yourSearch={label:"yourSearch",prompt:"Gives access to the current/last YourSearch result",handler:function(place,macroName,params,wikifier,paramString,tiddler){if(params.length==0){return}var name=params[0];var func=config.macros.yourSearch.funcs[name];if(func){func(place,macroName,params,wikifier,paramString,tiddler)}},tests:{"true":function(){return true},"false":function(){return false},found:function(){return getLastResultsCount()>0},previewText:function(){return config.options.chkPreviewText}},funcs:{itemRange:function(place){if(getLastResultsCount()){var lastIndex=pager.getLastIndexOnPage();var s="%0 - %1".format([pager.getFirstIndexOnPage()+1,lastIndex+1]);createTiddlyText(place,s)}},count:function(place){createTiddlyText(place,getLastResultsCount().toString())},query:function(place){if(lastQuery){createTiddlyText(place,lastQuery.toString())}},version:function(place){var t="YourSearch %0.%1.%2".format([version.extensions.YourSearchPlugin.major,version.extensions.YourSearchPlugin.minor,version.extensions.YourSearchPlugin.revision]);var e=createTiddlyElement(place,"a");e.setAttribute("href","http://tiddlywiki.abego-software.de/#YourSearchPlugin");e.innerHTML='<font color="black" weight="bold" face="Arial, Helvetica, sans-serif">'+t+"<font>"},copyright:function(place){var e=createTiddlyElement(place,"a");e.setAttribute("href","http://www.abego-software.de");e.innerHTML='<font color="black" face="Arial, Helvetica, sans-serif">&copy; 2005-2019 <b><font color="blue">abego</font></b> Software<font>'},newTiddlerButton:function(place){if(lastQuery){var r=abego.parseNewTiddlerCommandLine(lastQuery.getQueryText());var btn=config.macros.newTiddler.createNewTiddlerButton(place,r.title,r.params,"","",null,"text");var oldOnClick=btn.onclick;btn.onclick=function(){closeResult();oldOnClick.apply(this,arguments)};lastNewTiddlerButton=btn}},linkButton:function(place,macroName,params,wikifier,paramString,tiddler){if(params<2){return}var tiddlyLink=params[1];var text=params<3?tiddlyLink:params[2];var tooltip=params<4?text:params[3];var accessKey=params<5?null:params[4];var btn=createTiddlyButton(place,text,tooltip,closeResultAndDisplayTiddler,null,null,accessKey);btn.setAttribute("tiddlyLink",tiddlyLink)},closeButton:function(place,macroName,params,wikifier,paramString,tiddler){createTiddlyButton(place,"Fermer","Fermer la zone de recherche (touche \'ESC\')",closeResult)},openAllButton:function(place,macroName,params,wikifier,paramString,tiddler){var n=getLastResultsCount();if(n==0){return}var title=n==1?"open tiddler":"Ouvrir les %0 articles".format([n]);var button=createTiddlyButton(place,title,"Ouvrir tous les articles (Raccourci : Alt-O)",openAllFoundTiddlers);button.setAttribute("accessKey","O")},naviBar:function(place,macroName,params,wikifier,paramString,tiddler){pager.addPageNavigation(place)},"if":function(place,macroName,params,wikifier,paramString,tiddler){if(params.length<2){return}var testName=params[1];var negate=(testName=="not");if(negate){if(params.length<3){return}testName=params[2]}var test=config.macros.yourSearch.tests[testName];var showIt=false;try{if(test){showIt=test(place,macroName,params,wikifier,paramString,tiddler)!=negate}else{showIt=(!eval(testName))==negate}}catch(ex){}if(!showIt){place.style.display="none"}},chkPreviewText:function(place,macroName,params,wikifier,paramString,tiddler){var elem=createOptionWithRefresh(place,"chkPreviewText",wikifier,tiddler);elem.setAttribute("accessKey","P");elem.title="Prévisualisation des articles (Raccourci : Alt-P)";return elem}}};config.macros.foundTiddler={label:"foundTiddler",prompt:"Provides information on the tiddler currently processed on the YourSearch result page",handler:function(place,macroName,params,wikifier,paramString,tiddler){var name=params[0];var func=config.macros.foundTiddler.funcs[name];if(func){func(place,macroName,params,wikifier,paramString,tiddler)}},funcs:{title:function(place,macroName,params,wikifier,paramString,tiddler){if(!currentTiddler){return}var shortcutNumber=getShortCutNumber();var tooltip=shortcutNumber>=0?"Ouvrir l\'article (Raccourci : Alt-%0)".format([shortcutNumber.toString()]):"Open tiddler";var btn=createTiddlyButton(place,null,tooltip,closeResultAndDisplayTiddler,null);btn.setAttribute("tiddlyLink",currentTiddler.title);btn.setAttribute("withHilite","true");renderLimitedText(btn,currentTiddler.title,maxCharsInTitle);if(shortcutNumber>=0){btn.setAttribute("accessKey",shortcutNumber.toString())}},tags:function(place,macroName,params,wikifier,paramString,tiddler){if(!currentTiddler){return}renderLimitedText(place,currentTiddler.getTags(),maxCharsInTags)},text:function(place,macroName,params,wikifier,paramString,tiddler){if(!currentTiddler){return}renderLimitedText(place,removeTextDecoration(currentTiddler.text),maxCharsInText)},field:function(place,macroName,params,wikifier,paramString,tiddler){if(!currentTiddler){return}var name=params[1];var len=params.length>2?abego.toInt(params[2],maxCharsInField):maxCharsInField;var v=store.getValue(currentTiddler,name);if(v){renderLimitedText(place,removeTextDecoration(v),len)}},number:function(place,macroName,params,wikifier,paramString,tiddler){var numberToDisplay=getShortCutNumber();if(numberToDisplay>=0){var text="%0)".format([numberToDisplay.toString()]);createTiddlyElement(place,"span",null,"shortcutNumber",text)}}}};var opts={chkUseYourSearch:true,chkPreviewText:true,chkSearchAsYouType:true,chkSearchInTitle:true,chkSearchInText:true,chkSearchInTags:true,chkSearchExtendedFields:true,txtItemsPerPage:itemsPerPageDefault,txtItemsPerPageWithPreview:itemsPerPageWithPreviewDefault};for(var n in opts){if(config.options[n]==undefined){config.options[n]=opts[n]}}config.shadowTiddlers.AdvancedOptions+="\n<<option chkUseYourSearch>> Use 'Your Search' ";config.shadowTiddlers.YourSearchStyleSheet="/***\n!~YourSearchResult Stylesheet\n***/\n/*{{{*/\n.yourSearchResult {\n\tposition: absolute;\n\twidth: 800px;\n\n\tpadding: 0.2em;\n\tlist-style: none;\n\tmargin: 0;\n\n\tbackground: #f0f8ff;\n\tborder: 1px solid DarkGray;\n}\n\n/*}}}*/\n/***\n!!Summary Section\n***/\n/*{{{*/\n.yourSearchResult .summary {\n\tborder-bottom-width: thin;\n\tborder-bottom-style: solid;\n\tborder-bottom-color: #999999;\n\tpadding-bottom: 4px;\n}\n\n.yourSearchRange, .yourSearchCount, .yourSearchQuery   {\n\tfont-weight: bold;\n}\n\n.yourSearchResult .summary .button {\n\tfont-size: 10px;\n\n\tpadding-left: 0.3em;\n\tpadding-right: 0.3em;\n}\n\n.yourSearchResult .summary .chkBoxLabel {\n\tfont-size: 10px;\n\n\tpadding-right: 0.3em;\n}\n\n/*}}}*/\n/***\n!!Items Area\n***/\n/*{{{*/\n.yourSearchResult .marked {\n\tbackground: none;\n\tfont-weight: bold;\n}\n\n.yourSearchItem {\n\tmargin-top: 2px;\n}\n\n.yourSearchNumber {\n\tcolor: #0000FF;\n}\n\n\n.yourSearchTags {\n\tcolor: #3333ff;\n}\n\n.yourSearchText {\n\tcolor: #000080;\n\tmargin-bottom: 6px;\n}\n\n/*}}}*/\n/***\n!!Footer\n***/\n/*{{{*/\n.yourSearchFooter {\n\tmargin-top: 8px;\n\tborder-top-width: thin;\n\tborder-top-style: solid;\n\tborder-top-color: #999999;\n}\n\n.yourSearchFooter a:hover{\n\tbackground: none;\n\tcolor: none;\n}\n/*}}}*/\n/***\n!!Navigation Bar\n***/\n/*{{{*/\n.yourSearchNaviBar a {\n\tfont-size: 16px;\n\tmargin-left: 4px;\n\tmargin-right: 4px;\n\tcolor: black;\n\ttext-decoration: underline;\n}\n\n.yourSearchNaviBar a:hover {\n\tbackground-color: none;\n}\n\n.yourSearchNaviBar .prev {\n\tfont-weight: bold;\n\tcolor: blue;\n}\n\n.yourSearchNaviBar .currentPage {\n\tcolor: #0000FF;\n\ttext-decoration: none;\n}\n\n.yourSearchNaviBar .next {\n\tfont-weight: bold;\n\tcolor: blue;\n}\n/*}}}*/\n";config.shadowTiddlers.YourSearchResultTemplate='<!--\n{{{\n-->\n<span macro="yourSearch if found">\n<!-- The Summary Header ============================================ -->\n<table class="summary" border="0" width="100%" cellspacing="0" cellpadding="0"><tbody>\n  <tr>\n\t<td align="left">\n\t\tYourSearch Result <span class="yourSearchRange" macro="yourSearch itemRange"></span>\n\t\t&nbsp;of&nbsp;<span class="yourSearchCount" macro="yourSearch count"></span>\n\t\tfor&nbsp;<span class="yourSearchQuery" macro="yourSearch query"></span>\n\t</td>\n\t<td class="yourSearchButtons" align="right">\n\t\t<span macro="yourSearch newTiddlerButton"></span>\n\t\t<span macro="yourSearch openAllButton"></span>\n\t\t<span macro="yourSearch closeButton"></span>\n\t</td>\n  </tr>\n</tbody></table>\n\n<!-- The List of Found Tiddlers ============================================ -->\n<div id="yourSearchResultItems" itemsPerPage="25" itemsPerPageWithPreview="10"></div>\n\n<!-- The Footer (with the Navigation) ============================================ -->\n<table class="yourSearchFooter" border="0" width="100%" cellspacing="0" cellpadding="0"><tbody>\n  <tr>\n\t<td align="left">\n\t\tNombre de pages : <span class="yourSearchNaviBar" macro="yourSearch naviBar"></span>\n\t</td>\n\t<td align="right"><span macro="yourSearch version"></span>, <span macro="yourSearch copyright"></span>\n\t</td>\n  </tr>\n</tbody></table>\n<!-- end of the \'tiddlers found\' case =========================================== -->\n</span>\n\n\n<!-- The "No tiddlers found" case =========================================== -->\n<span macro="yourSearch if not found">\n<table class="summary" border="0" width="100%" cellspacing="0" cellpadding="0"><tbody>\n  <tr>\n\t<td align="left">\n\t\tRecherche infructueuse: aucun article trouvé pour <span class="yourSearchQuery" macro="yourSearch query"></span>.\n\t</td>\n\t<td class="yourSearchButtons" align="right">\n\t\t<span macro="yourSearch closeButton"></span>\n\t</td>\n  </tr>\n</tbody></table>\n</span>\n\n\n<!--\n}}}\n-->\n';config.shadowTiddlers.YourSearchItemTemplate="<!--\n{{{\n-->\n<span class='yourSearchNumber' macro='foundTiddler number'></span>\n<span class='yourSearchTitle' macro='foundTiddler title'/></span>&nbsp;-&nbsp;\n<span class='yourSearchTags' macro='foundTiddler field tags 50'/></span>\n<span macro=\"yourSearch if previewText\"><div class='yourSearchText' macro='foundTiddler field text 250'/></div></span>\n<!--\n}}}\n-->";config.shadowTiddlers.YourSearch="<<tiddler [[YourSearch Help]]>>";config.shadowTiddlers["YourSearch Result"]="The popup-like window displaying the result of a YourSearch query.";config.macros.search.handler=myMacroSearchHandler;var checkForOtherHijacker=function(){if(config.macros.search.handler!=myMacroSearchHandler){alert("Message from YourSearchPlugin:\n\n\nAnother plugin has disabled the 'Your Search' features.\n\n\nYou may disable the other plugin or change the load order of \nthe plugins (by changing the names of the tiddlers)\nto enable the 'Your Search' features.")}};setTimeout(checkForOtherHijacker,5000);abego.YourSearch.getStandardRankFunction=function(){return standardRankFunction};abego.YourSearch.getRankFunction=function(){return abego.YourSearch.getStandardRankFunction()};abego.YourSearch.getCurrentTiddler=function(){return currentTiddler};abego.YourSearch.closeResult=function(){closeResult()};abego.YourSearch.getFoundTiddlers=function(){return lastResults};abego.YourSearch.getQuery=function(){return lastQuery};abego.YourSearch.onShowResult=function(useOldResult){highlightHack=lastQuery?lastQuery.getMarkRegExp():null;if(!useOldResult){pager.setItems(getLastResults())}if(!resultElement){resultElement=createTiddlyElement(document.body,"div",yourSearchResultID,"yourSearchResult")}else{if(resultElement.parentNode!=document.body){document.body.appendChild(resultElement)}}refreshResult();highlightHack=null}})()};
//%/
<<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '" [["+tiddler.title+"]] \"Consulter ["+tiddler.title+"]\" [["+tiddler.title+"]] "' begin '"<<tabs tAutoTab "' end '">"+">"' none '"////"'>>
<<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '" [["+tiddler.title.substr(0,7)+"]] \""+tiddler.title+"\" [["+tiddler.title+"]] "' begin '"<<tabs tAutoTab "' end '">"+">"' none '"////"'>>
<<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '"* [["+tiddler.title+"]] \n"'>><<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '" [["+tiddler.title+"]] \"Consulter ["+tiddler.title+"]\" [["+tiddler.title+"]] "' begin '"<<tabs tAutoTab "' end '">"+">"' none '"//Aucun élément.//"'>>
{{ss2col{
<<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '"* [["+tiddler.title+"]] \n"'>>}}}<<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '" [["+tiddler.title.substr(0,10)+"]] \"Consulter ["+tiddler.title+"]\" [["+tiddler.title+"]] "' begin '"<<tabs tAutoTab "' end '">"+">"' none '"//Aucun élément.//"'>>
{{ss2col{
<<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '"* [["+tiddler.title+"]] \n"'>>}}}<<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '" [["+tiddler.title.substring(13, tiddler.title.length)+"]] \"Consulter ["+tiddler.title+"]\" [["+tiddler.title+"]] "' begin '"<<tabs tAutoTab "' end '">"+">"' none '"//Aucun élément.//"'>>
<<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '" [["+tiddler.title.substr(0,10)+"]] \"["+tiddler.title+"]\" [["+tiddler.title+"]] "' begin '"<<tabs tAutoTab "' end '">"+">"' none '"//Aucun élément.//"'>>
<<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '"* [["+tiddler.title+"]]\n"' begin '""' end '""' none '"* Aucune publication pour le moment\n"'>>
<<forEachTiddler where 'tiddler.tags.containsAny(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '(index < 24) ? "|"+tiddler.title.substr(0,10)+"|[["+tiddler.title.substr(13,254)+"|"+tiddler.title+"]]|\n" : ""' begin '"|Date|!$2 |\n"' end '""' none '"* Aucune publication\n"'>>
[>img(200px,auto)[iCSA/K4CCCSK.png]]Le [[Chapitre Français]] de la [[Cloud Security Alliance]] organise une formation officielle [[CCSK]] pour le ''CCSK Foundation'' et le ''CCSK Plus''.
Elle se déroulera la semaine du $1.
Elle sera dispensée ''en français'' par ''+++[Guillaume Boutisseau] [img(98%,1px)[iCSF/BluePixel.gif]]^^<<tiddler [[Guillaume Boutisseau]]>>^^[img(98%,1px)[iCSF/BluePixel.gif]] ==='', ''CCSK Authorized Instructor''^^1^^.
Comme il n'est pas possible de garantir que les conditions nécessaires à la réalisation d'une formation en présentiel soient réunies pour le mois de juin 2020, les interventions se dérouleront par visio-conférence sous la forme de classes virtuelles.

Les dates proposées sont les suivantes :
* ''$2'' : ''CCSK Foundation'' en français
* ''$3'' : ''CCSK Plus'' en français

Les inscriptions sont ouvertes sur le site de CloudSecurityPass ⇒ ''[[CloudSecurityAlliance.fr/go/CSPass|http://CloudSecurityAlliance.fr/go/CSPass]]''
Pour toute information complémentaire, vous pouvez aussi nous contacter sur [img(200px,auto)[iCSF/Email-CSA_FR.png]]
[img(98%,1px)[iCSF/BluePixel.gif]]
^^<<tiddler [[Guillaume Boutisseau]]>>^^[img(98%,1px)[iCSF/BluePixel.gif]]
<<tiddler [[arOund0C]]>>
[[Accueil]]
[<img(100px,auto)[iCSA/logoCSAFR.png]]{{floatL{
|ssTablN0|k
|| <html><i class="fa fa-home" aria-hidden="true"></i></html>  ||__[[Accueil]]__|
|| <html><i class="fa fa-chalkboard-teacher" aria-hidden="true"></i></html>  ||__[[CSA FR|Chapitre Français]]__|
|| [img[iCSF/flag_fr.png]] ||__[[Traductions]]__|
|| <html><i class="fa fa-info-circle" aria-hidden="true"></i></html>  ||__[[Actualités]]__|
|| <html><i class="fa fa-blog" aria-hidden="true"></i></html>  ||__[[Blog]]__|
|| <html><i class="fa fa-book" aria-hidden="true"></i></html>  ||__[[Publications]]__|
|bgcolor:#CCC;| <html><i class="fa fa-pencil-alt" aria-hidden="true"></i></html>  |bgcolor:#CCC;|[[Newsletters]]|
|bgcolor:#CCC;| <html><i class="fa fa-eye" aria-hidden="true"></i></html>  |bgcolor:#CCC;|[[Veille Web]]|
|bgcolor:#CCC;| <html><i class="fa fa-book-reader" aria-hidden="true"></i></html>  |bgcolor:#CCC;|[[Références]]|
|bgcolor:#CCC;| <html><i class="fa fa-tools" aria-hidden="true"></i></html>  |bgcolor:#CCC;|[[Outils]]|
|| <html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html>  ||__[[Alertes|Alertes et Vulnérabilités]]__|
|| <html><i class="fa fa-podcast" aria-hidden="true"></i></html>  ||__[[Podcasts]]__|
|| <html><i class="fa fa-video" aria-hidden="true"></i></html>  ||__[[Webinars|CloudBytes]]__|
|| <html><i class="fa fa-calendar-alt" aria-hidden="true"></i></html>  ||__[[Agenda]]__|
|| <html><i class="fa fa-archive" aria-hidden="true"></i></html> ||__[[Archives]]__|
|| ^^→^^ ||^^[[Contact]]^^|
|>|>|>|<<search 'Moteur de Recherche'>>|
|>|>|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|>|>|[img[LinkedIN|iCSF/In.png][LinkedIN]][img[Slack|iCSF/Slack_icon2.png][Slack]][img[Twitter|iCSF/Twitter_icon.png][Twitter]][img[iCSF/inEnglish.png][in English]]|
[img(100px,auto)[iCSA/badgeCSAFR.png]]
<<tiddler RollLeftCol>>[img(50%,1px)[iCSF/BluePixel.gif]]}}}
In this article, you can find the translation of the ''Menu'', and the links to all ''Weekly Newsletters'' published in English {{arOund{ ENG }}} - that is since early February 2020.
<<tabs tEnglish 'Menu' 'Menu' [[in English##Menu]] 'Weekly Newsletters' 'All weekly Newsletters in English' [[in English##Actu]]>>
/%
!Menu
|!Icon|!{{arOund{ FRA }}}  -- Menu in French |!{{arOund{ ENG }}}  -- Menu in English |
| @@color:#014;<html><i class="fa fa-home" aria-hidden="true"></i></html>@@ |[[Accueil]]|[[Home|Accueil]]|
| @@color:#014;<html><i class="fa fa-chalkboard-teacher" aria-hidden="true"></i></html>@@ |[[CSA FR|Chapitre Français]]|Details on the [[French Chapter|Chapitre Français]]|
| @@color:#014;<html><i class="fa fa-info-circle" aria-hidden="true"></i></html>@@ |[[Actualités]]|[[News|Actualités]] about CSA, the French Chapter, and general Cloud and Security topics |
| @@color:#014;<html><i class="fa fa-blog" aria-hidden="true"></i></html>@@ |[[Blog]]|[[Blog]] posts on the CSA or on the French Chapter web sites|
| @@color:#014;<html><i class="fa fa-book" aria-hidden="true"></i></html>@@ |[[Publications]]|[[Artefacts and Publications|Publications]] by CSA or major actors|
| @@color:#014;<html><i class="fa fa-eye" aria-hidden="true"></i></html>@@ |[[Veille Web]]|[[Cloud and Security watch|Veille Web]] with dozens of links per week|
| @@color:#014;<html><i class="fa fa-pencil-alt" aria-hidden="true"></i></html>@@ |[[Newsletters]]|[[Weekly newsletters|Newsletters]] published on Sundays or on Mondays|
| @@color:#014;<html><i class="fa fa-book-reader" aria-hidden="true"></i></html>@@ |[[Références]]|[[Sites and documents of reference|Références]]|
| @@color:#014;<html><i class="fa fa-tools" aria-hidden="true"></i></html>@@ |[[Outils]]|[[Cloud and Security tools|Outils]]|
| @@color:#014;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html>@@ |[[Alertes|Alertes et Vulnérabilités]]|[[Alerts et Vulnerabilities|Alertes et Vulnérabilités]]|
| @@color:#014;<html><i class="fa fa-podcast" aria-hidden="true"></i></html>@@ |__[[Podcasts]]__|__[[CSA Podcasts|Podcasts]]__|
| @@color:#014;<html><i class="fa fa-video" aria-hidden="true"></i></html>@@ |__[[Webinars|CloudBytes]]__|__[[CloudBytes Webinars|CloudBytes]]__|
| @@color:#014;<html><i class="fa fa-archive" aria-hidden="true"></i></html>@@ |[[Archives]]|[[Site archives since 2010|Archives]]|
|[img[iCSF/flag_fr.png]]|__[[Traductions]]__|__[[CSA documents translated into French|Traductions]]__|
| → |[[Contact]]|[[How to contact a French Chapter representative|Contact]]|
|>|>| [img[LinkedIN|iCSF/In.png][LinkedIN]][img[Slack|iCSF/Slack_icon2.png][Slack]][img[Twitter|iCSF/Twitter_icon.png][Twitter]] |
|>|>| Search engine: <<search>> |
!Actu
<<tiddler fAll2LiTabs10 with: ActuEN","_EN_>>
!end
%/
Chapitre Français •<<tiddler .ToggleLeftSidebar>>•
Cloud Security Alliance
[[myCSS]]
<!--{{{-->
<div class='toolbar' macro='toolbar [[ToolbarCommands::ViewToolbar]]'></div>
<div class='title' macro='view title'></div>
<div class='viewer' macro='view text wikified'></div>
<div class='viewer' macro='tiddler ReplaceDoubleClick'></div>
<div class='tagClear'></div>
<!--}}}-->
//{{{
config.options.txtUserName='CSA-FR';
config.options.chkAnimate=false;
config.options.chkRegExpSearch=false;
config.options.chkCaseSensitiveSearch=false;
config.options.chkOpenInNewWindow=true;
config.messages.tiddlerLinkTooltip="→ %0";
config.messages.externalLinkTooltip="→ %0";
config.options.chkHideSiteTitles=true;
config.macros.search.prompt="Recherche sur ce site";
config.macros.search.successMsg="%1 → %0 article(s)";
config.macros.search.failureMsg="%0 → Aucun article";
config.macros.search.label="Recherche";
merge(config.views.wikified,{ dateFormat: "0DD.0MM.YYYY",});
merge(config.macros.search,{ label: "", prompt: "Moteur de recherche local",});
config.options.chkUseYourSearch=true;
config.options.chkPreviewText=false;
config.options.chkSearchAsYouType=false;
config.options.chkSearchInTitle=true;
config.options.chkSearchInText=true;
config.options.chkSearchInTags=true;
config.options.chkSearchExtendedFields=false;
config.options.txtItemsPerPage=10;
config.options.txtItemsPerPageWithPreview=10;
config.options.chkShowLeftSidebar=true;
config.options.chkDisableWikiLinks=true;
config.options.chkAllowLinksFromShadowTiddlers=true;
config.options.chkDisableNonExistingWikiLinks=true;
config.options.chkSinglePageAutoScroll=true;
config.options.chkSinglePagePermalink=false;
config.options.chkSinglePageMode=false;
config.options.chkTopOfPageMode=true;
config.options.chkBottomOfPageMode=false;
config.options.chkShowBreadcrumbs=true;
config.options.txtBreadcrumbsLimit=8;
config.options.chkReorderBreadcrumbs=true;
config.options.txtBreadcrumbsCrumbSeparator="  <html><i class='fa fa-shoe-prints' aria-hidden='true'></i><i class='fa fa-shoe-prints' aria-hidden='true'></i></html>  ";
config.options.chkBreadcrumbsSave=false;
config.options.chkShowStartupBreadcrumbs=false;
config.options.chkBreadcrumbsReverse=false;
config.options.chkBreadcrumbsLimitOpenTiddlers=true;
config.options.txtBreadcrumbsLimitOpenTiddlers=20;
config.options.chkBreadcrumbsHideHomeLink=false;
config.options.chkCreateDefaultBreadcrumbs=true;
config.options.chkFramedLinks=false;
config.options.chkFramedLinksTag=true;
config.options.txtFramedLinksTag='_EmbedFrame';
config.options.txtFrameWidth='98%';
config.options.txtFrameHeight='33%';
readOnly=true;
config.options.chkHttpReadOnly=true;
config.options.chkBackstage=false;
showBackstage=false;
merge(config.shadowTiddlers,{ ToolbarCommands: '|~ViewToolbar|closeTiddler closeOthers|\n|~EditToolbar|+saveTiddler -cancelTiddler deleteTiddler|',});
merge(config.commands.closeTiddler,{ text: "[fermer]", tooltip: "Fermer cet article" });
merge(config.commands.closeOthers,{ text: "[isoler]", tooltip: "Fermer les autres articles" });
//}}}
/*{{{*/
	/* Alignement */
.floatL { display:block;text-align:left; }
.floatR { display:block;text-align:right; }
.floatC { display:block;text-align:center; }
.ssTabl99 {width:99%}
.ssTabl96 {width:96%}
.ssTabl2,
.ssTabl2 td,
.ssTabl2 th,
.ssTabl2 tbody
{ table-layout:fixed; width:98%; }
.ssTabl98N0,
.ssTabl98N0 table,
.ssTabl98N0 td,
.ssTabl98N0 tr,
.ssTabl98N0 th,
.ssTabl98N0 tbody
{ border:0 !important; width:98%; table-layout:fixed; }
.ssCol30 {width:30%; float:left; margin-left:1%; margin-right:1%; border-color:#014; border-style:solid; border-width:3px; }
.ssCol45 {width:45%; float:left; margin-left:1%;}
	/* multi-column tiddler content (not supported in Internet Explorer) */
.ss2col { display:block; -moz-column-count:2; -moz-column-gap:1em; -moz-column-width:50%; /* FireFox */ -webkit-column-count:2; -webkit-column-gap:1em; -webkit-column-width:50%; /* Safari */ column-count:2; column-gap:1em; column-width:50%; /* Opera */ }
.clear {clear:both;}
	/* ssTablN0 : table without tr/th/td borders */
.ssTablN0, .ssTablN0 table, .ssTablN0 tr, .ssTablN0 th, .ssTablN0 td, .ssTablN0 tbody { border:0 !important; }
	/* ssTablN0 : table without tr/td borders borders, but with th borders */
.ssTablN0L, .ssTablN0L tr, .ssTablN0L td, .ssTablN0L tbody { border:0 !important; }
	/* {font-size:.70em;} */
body {font-size:.8em;font-family:Verdana,times,serif; margin:0; padding:0;}
pre, .tagged, .tagging, #messageArea, .popup, .tiddlyLink, .button { border-radius: 5px; }
.tiddlyLink { padding: 0px 2px; margin: 0 -2px; }
img[align="left"] { margin-right: .5em; }
img[align="right"] { margin-left: .5em; }
.toolbar {text-align:left; font-size:.7em;}
img {border:2px solid [[ColorPalette::Background]];}
.headerShadow {position:relative; padding:0.5em 0em 1em 1em; left:-1px; top:-1px;}
.headerForeground {position:absolute; padding:0.5em 0em 1em 1em; left:0px; top:0px;}
.headerShadow .right { position: absolute; top: 0; }
.headerShadow .right { right: 0; }
.headerForeground .right { display: none; }
	/* InlineTabs */
.tabSelected {font-weight:bold; font-size:125%; color:[[ColorPalette::PrimaryDark]]; background:[[ColorPalette::TertiaryPale]]; border-left:2px solid [[ColorPalette::PrimaryMid]]; border-top:2px solid [[ColorPalette::PrimaryLight]]; border-right:2px solid [[ColorPalette::PrimaryMid]]; border-bottom-style:2px solid [[ColorPalette::PrimaryMid]]; }
.tabContents {color:[[ColorPalette::PrimaryDark]]; background:[[ColorPalette::Background]]; border:2px solid [[ColorPalette::PrimaryMid]];}
	/* StyleSheetRotate90 */
.ssRot90 { float:left; width:0.6em; font-size:100%; font-family:Verdana,times,serif; line-height:60%; color:#014 !important; background:inherit !important; transform: rotate(90deg);}
	/* StyleSheetLetters */
.arOund {border:2px solid #014; background-color:#FFF; color:#014; font-style:italic; font-size:0.9em; text-align:center; padding:0.1em 0.5em 0.1em 0.5em; }}
.arOund200 {border:2px solid #014; background-color:#FFF; color:#014; font-style:italic; font-size:200%; text-align:center; padding:0.1em 0.5em 0.1em 0.5em; }}
.xxxxblue200 { float:left; width:0.6em; font-size:200%; font-family:Verdana,times,serif; line-height:60%; color:#014 !important; background:inherit !important; }
.firstletter { width:0.6em; font-size:250%; font-family:Verdana,times,serif; line-height:60%; color:#014 !important; background:inherit !important; }
	/* .firstletterC { float:center; width:0.6em; font-size:250%; line-height:60%; color:#014 !important; background:inherit !important; } */
.FirstLetter { width:0.6em; font-size:150%; font-family:Verdana,times,serif; line-height:60%; !important; background:inherit !important; }
.Blue250 { float:left; width:0.6em; font-size:250%; font-family:Verdana,times,serif; line-height:60%; color:#014 !important; background:inherit !important; }
	/* StyleSheetTableList */
.viewer ul {margin-top:0; margin-bottom:0;}
.viewer {text-align:justify;}
.viewer th {background:[[ColorPalette::TertiaryPale]]; color:[[ColorPalette::PrimaryMid]];}
	/* NestedSlidersPlugin */
.floatingPanel { z-index:700; padding:1em; margin:0em; border:1px solid; -moz-border-radius:1em; font-size:8pt; text-align:left; }
.floatingPanel hr { margin:2px 0 1px 0; padding:0; }
#sidebarOptions .sliderPanel { margin:0; padding:0; font-size:1em; background:transparent; }
#sidebarOptions .sliderPanel a { font-weight:normal; }
#sidebarOptions .sliderPanel blockquote { margin:0;padding:0;margin-left:1em; border-left:1px dotted; padding-left:1em }
.selected .floatingPanel .button,
.selected .floatingPanel a:link,
.selected .floatingPanel a:hover,
.selected .floatingPanel a:visited,
.floatingPanel .button,
.floatingPanel a:link,
.floatingPanel a:hover,
.floatingPanel a:visited { color:[[ColorPalette::PrimaryDark]] !important; }
.QOTD { color:#014 !important; background:inherit !important; }
.horizTag li.listTitle { display:none }
.horizTag li { display:inline; font-size:90%; }
.horizTag ul { display:inline; margin:0px; padding:0px;}
.viewer td { vertical-align:top; }
.viewer th { vertical-align:top; }
.viewer dl { margin:0; }
.size75 { font-size:75%; }
/*}}}*/
[img(400px,4px)[iCSF/BluePixel.gif]]
[img(200px,auto)[iCSF/Email-CSA_FR.png]]
|ssTablN0|k
|+++^*[mobile] <<tiddler [[MainMenu]]>>=== ^^<<tiddler .ToggleLeftSidebar>>^^| • <<tiddler [[Categories]]>> |
|| ^^<<tiddler RollHeader>>^^ |
[>img(200px,auto)[iCSA/logoCSAFR.png]]Le [[Chapitre Français]] de la [[Cloud Security Alliance]] est une association formée pour faire la promotion des meilleures pratiques de sécurité au sein des infrastructures Cloud Computing.
Il se charge notamment :
* d'adapter certains documents de la [[Cloud Security Alliance]] aux spécificités françaises (notamment réglementaires)
* de favoriser les bonnes pratiques de sécurité auprès des prestataires et founisseurs de Cloud français et auprès des Entreprises qui batissent des Clouds Privés
* de publier de nouvelles recommandations de sécurité relatives au Cloud Computing
* de traduire certains documents de la [[Cloud Security Alliance]] en français
* de mener des actions pour former et évangéliser sur la sécurité du Cloud Computing
* de participer à la communauté des chapitres européens regroupés sous l'appellation "''CSA EMEA''"[>img(200px,auto)[iCSF/CSA-EMEA.png]]
* d'établir des relations avec la presse et avec des groupes de travail similaires traitant soit du Cloud Computing, soit de la Sécurité
* de participer à tout type d'événements ou de conférences liés à la sécurité du Cloud Computing
[img(25%,1px)[iCSF/BluePixel.gif]]
Le site du [[Chapitre Français]] de la [[Cloud Security Alliance]] est https://www.CloudSecurityAlliance.fr/
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler [[Partenariats - ISEP-FC - Masteres Spécialisés]]>>
Le site de la [[Cloud Security Alliance]] est https://www.CloudSecurityAlliance.org/
[img(25%,1px)[iCSF/BluePixel.gif]]
{{floatC{[img(400px,auto)[iCSF/Email-CSA_FR.png]]
[img(100px,auto)[iCSF/Cloud_Question.png]]
@@font-size:75%;@@
+++*[Protection des données] <<tiddler [[Protection des Données]]>>=== }}}
| !Sur les aspects protection des données, RGPD et similaires, et pour les éléments suivants | !la réponse est simple |
| • Identité et coordonnées du responsable de traitement •
• Identité et coordonnées du délégué à la protection des données •
• Catégories de données collectées •
• Finalités du traitement •
• Base juridique du traitement •
• Destinataires des données •
• Transferts de données en dehors de l'UE •
• Conservation des données •
• Exercice des droits •
• Soumission d'une réclamation auprès de l'autorité de contrôle •
• Cookies • | ''c'est sans objet''
car ...
• aucune donnée n'est collectée sur le site •
• aucun cookie n'est utilisé •
• aucun traitement de données n'est réalisé •
[img(50%,1px)[iCSF/BluePixel.gif]]
Pour toute demande de précision, utilisez l'adresse
[img(200px,auto)[iCSF/Email-CSA_FR.png][iCSF/cloud-security-alliance-fr.png]]
[img(50%,1px)[iCSF/BluePixel.gif]] |
|<<tiddler AgendaFR+EN>>|
<<tiddler fAll2Tabs with: _Archives>><<tiddler .ReplaceTiddlerTitle with: [[Archives du Site]]>>
<<tiddler fAll2Tabs7 with: _Histo21>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2021]]>>
<<tiddler fAll2Tabs7 with: _Histo20>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2020]]>>
<<tiddler fAll2Tabs7 with: _Histo19>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2019]]>>
<<tiddler fAll2Tabs7 with: _Histo18>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2018]]>>
Les archives ''2017'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo17>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2017]]>>
Les archives ''2016'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo16>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2016]]>>
Les archives ''2015'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo15>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2015]]>>
Les archives ''2014'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo14>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2014]]>>
Les archives ''2013'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo13>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2013]]>>
Les archives ''2012'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo12>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2012]]>>
Les archives ''2011'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo11>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2011]]>>
Les archives ''2010'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo10>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2010]]>>
Les archives ''2009'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo09>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2009]]>>
Les archives ''2008'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo08>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2008]]>>
<script label="[?]" title="affiche une aide pour naviguer sur ce site">
if (window.version) {
var msg='Aide à la navigation sur ce site\n'
+'• Texte en bleu gras : lien direct vers un article\n'
+'• ◄▷ : masque/affiche le menu à gauche\n'
+'• » : déplier/replier opour accéder à un article, un URL ou des détails\n'
+'• [?] : cette aide ... :-)\n';
alert(msg); } return false;
</script> • Catégories : [[CAIQ]] • [[CCAK]] • [[CCM]] • [[CCSK]] • [[Cryptographie]] • [[ERP]] • [[Incidents]] • [[IoT]] • [[Menaces]] • [[Panorama]] • [[RGPD]] • [[Santé|Health]] • [[SDP]] • [[STAR]] • [[Vulnérabilités]] •
Exemple d'article
<<tiddler [[CSA Circle]]>>
Pour rejoindre l'espace collaboratif [[CSA Circle]] du [[Chapitre Français]], rien de plus simple :
* Suivre ''[[CloudSecurityAlliance.fr/go/Circle|https://CloudSecurityAlliance.fr/go/Circle]]''.
* Cliquer sur le bouton rouge "Sign In" [img(40px,auto)[iCSF/OSignIn.jpg]] en haut à droite de l'écran.
* S'enregistrer en sélectionnant le bouton "Sign Up" [img(40px,auto)[iCSF/OSignUp.jpg]].
* Une fois connecté, afficher les communautés [img(60px,auto)[iCSF/OCommunities.jpg]] et choisir ''France Chapter'' pour s'inscrire.
<<tiddler fAll2LiTabs13end with: _CloudBytes>>
!Le [[Chapitre Français|CSA-FR]] de la [[Cloud Security Alliance]]
[>img(200px,auto)[iCSA/logoCSAFR.png]]
Le [[Chapitre Français|CSA-FR]] de la [[Cloud Security Alliance]] a été créé en décembre 2010 par ''[[Olivier Caleff|https://www.linkedin.com/in/caleff]]'' et ''[[Pierre Vacherand|https://www.linkedin.com/in/pierrevacherand/]]''.
Après un bon début, le [[Chapitre français|CSA-FR]] a tourné au ralenti entre 2013 et 2017.
Les activités se sont concentrées autour de participations et contributions à des événements de la [[Cloud Security Alliance]] en Europe, à des participations dans des groupes de travail de la [[Cloud Security Alliance]], et à une participation très active dans le domaine de la formation (voir ci-dessous)
En 2018, les activités reprennent avec :
* La participation à deux salons (Mars et Novembre 2018)
* La poursuite des partenariats pour les activités de formation
* L'animation du groupe LinkedIn : https://www.linkedin.com/groups/3758242
* La préparation de la relance des réunions des membres du [[Chapitre français|CSA-FR]]
__Contact :__ https://CloudSecurityAlliance.fr et [img(200px,auto)[iCSF/Email-CSA_FR.png]]
!Les partenariats
<<tiddler [[Partenariats - ISEP-FC - Masteres Spécialisés]]>>
<<tabs tCSA 'Présentation' 'Présentation' [[Cloud Security Alliance##Pres]] 'Historique' 'Historique' [[Cloud Security Alliance##Histo]] 'Mission' 'Mission' [[Cloud Security Alliance##Mission]] 'Groups de Travail' 'Groupes de Travail' [[Cloud Security Alliance##WG]] 'Liens' 'Liens' [[Cloud Security Alliance##Links]]>>
/%
!Pres
__''Présentation''__[>img(200px,auto)[iCSF/cloud-security-alliance.png]]

La [[Cloud Security Alliance]] (CSA) est une organisation à but non lucratif qui a pour mission :
* de promouvoir de bonnes pratiques en matière d'assurance de la sécurité dans le Cloud Computing
* de fournir des formations sur les utilisations du Cloud Computing pour aider à sécuriser toutes les autres formes d'informatique
La [[Cloud Security Alliance]] est dirigée par une vaste coalition de praticiens de l'industrie, d'entreprises, d'associations et d'autres intervenants clés.
[img(25%,1px)[iCSF/BluePixel.gif]]
!Histo
__''Historique''__[>img(200px,auto)[iCSF/cloud-security-alliance.png]]

Les enjeux et opportunités du cloud computing ont fait l'objet d'une attention particulière en 2008 au sein de la communauté de la sécurité de l'information.
Lors du forum CISO de l'ISSA à Las Vegas, en novembre 2008, le concept de d'une Alliance pour la sécurité du Cloud Computing ([[Cloud Security Alliance]]) a vu le jour. Après une présentation des tendances émergentes par ''[[Jim Reavis|https://www.linkedin.com/in/jimreavis/]]'', dont un appel à l'action pour la sécurisation du cloud computing, ''Jim Reavis'' et ''[[Nils Puhlmann|https://www.linkedin.com/in/npuhlmann/]]'' ont présenté la mission et la stratégie initiales de la CSA. Une série de réunions organisationnelles avec des chefs de file de l'industrie au début de décembre 2008 a officialisé la fondation de la CSA.
Le travail de sensibilisation auprès de la communauté de la sécurité de l'information pour créer un support de travail initial en vue de la Conférence RSA 2009 a donné lieu à des échanges entre des dizaines de bénévoles pour la recherche, l'auteur, la rédaction et la révision du premier livre blanc.
[img(25%,1px)[iCSF/BluePixel.gif]]
!Mission
__''Mission''__[>img(200px,auto)[iCSF/cloud-security-alliance.png]]

Promouvoir l'utilisation des meilleures pratiques pour fournir une assurance de sécurité dans le Cloud Computing, et fournir de l'éducation sur les utilisations du Cloud Computing pour aider à sécuriser toutes les autres formes d'informatique.
[img(25%,1px)[iCSF/BluePixel.gif]]
!WG
__''Groupes de Travail''__

<<tiddler [[Groupes de Travail]]>>
[img(25%,1px)[iCSF/BluePixel.gif]]
!Links
__''Liens''__

{{ss2col{
* ''Site Web CSA'' → https://CloudSecurityAlliance.org 
* ''Flux RSS'' → https://cloudsecurityalliance.org/feed/
* Tous les articles → https://cloudsecurityalliance.org/articles/ 
* Blog → https://blog.cloudsecurityalliance.org/ 
* Publications → https://cloudsecurityalliance.org/research/artifacts/ 
* Communiqués de Presse → https://cloudsecurityalliance.org/press-releases/
* Groupes de travail → https://cloudsecurityalliance.org/meetings/ 
* Recherche → https://cloudsecurityalliance.org/research/
* Commentaires → https://cloudsecurityalliance.org/research/contribute/ 
* Couverture Presse → https://blog.cloudsecurityalliance.org/press-coverage/ 
* Registre ''STAR'' → https://cloudsecurityalliance.org/star/registry/ 
* Aspects ''RGPD'' → https://gdpr.cloudsecurityalliance.org/ 
* Formation ''CCAK'' → https://cloudsecurityalliance.org/education/ccak/ 
* Formation ''CCSK'' → https://ccsk.cloudsecurityalliance.org/ 
* Groupe __LinkedIN__ → https://www.linkedin.com/groups/1864210/profile 
* Flux __Twitter__ → https://twitter.com/cloudsa
}}}[img(25%,1px)[iCSF/BluePixel.gif]]
!end
%/
<<tiddler [[Cloud Security Alliance]]>>
[>img(100px,auto)[iCSA/K4QCCSK.png]]Le [[Chapitre Français]] participe à l'organisation de sessions de formation officielle et ''certifiante'' [[CCSK]] ''en français'' ''CCSK Foundation'' et le ''CCSK Plus''.

Les prochaines sessions auront lieu :
* ''lundi 10 et mardi 11 mars 2021'' : session CCSK Foundation
* lundi 10, mardi 11 et ''mercredi 12 mars 2021'' : session CCSK Plus

Elles comprennent tous les modules théoriques, ainsi que des exercices pratiques dans le cloud AWS (CCSK Plus), ainsi que la possibilité de passer l'examen de certification CCSK.
Elles sont dispensées par +++^*[Guillaume Boutisseau]> [img(98%,1px)[iCSF/BluePixel.gif]]<<tiddler [[Guillaume Boutisseau]]>>[img(98%,1px)[iCSF/BluePixel.gif]] ===, ''CCSK Authorized Instructor'' de la société [img(100px,auto)[iCSF/K4CSP.png][https://CloudSecurityPass.com/]]).

Les inscriptions sont ouvertes ⇒ ''[[CloudSecurityPass|http://CloudSecurityAlliance.fr/go/CSPass]]''
Pour toute information complémentaire, vous pouvez aussi nous contacter sur ~~[img(200px,auto)[iCSF/Email-CSA_FR.png]]~~
|ssTablN0|k
|>|>|>|>|>|background-color:#014; @@color:#FFF;''La galaxie CSA''@@ |
|background-color:#EEF;[img(100px,auto)[CCM|iCSA/CAOBCCM.png][CCM]]|background-color:#EEF;[img(100px,auto)[Menaces|iCSA/TopThreats_logo.png][Menaces]]|background-color:#EEF;[img(100px,auto)[CCSK|iCSA/H8UBCCSK.png][CCSK]]|background-color:#EEF;[img(100px,auto)[CAIQ|iCSA/CSA-CAI.png][CAIQ]]|background-color:#EEF;[img(100px,auto)[CCSK|iCSA/CCAK.png][CCAK]]|background-color:#EEF;|
[img(40%,1px)[iCSF/BluePixel.gif]][img[iCSF/In.png][https://www.linkedin.com/groups/3758242]] [img(40%,1px)[iCSF/BluePixel.gif]]
Lien vers le groupe ''LinkedIN'' du [[Chapitre Français]] de la [[Cloud Security Alliance]]
:→ https://www.linkedin.com/groups/3758242

^^Quelques autres groupes "Sécurité du Cloud"+++*[ici]>
* Cloud Computing, Cybersecurity, SaaS & Virtualization ⇒ https://www.linkedin.com/groups/45151/
* Cloud Technology Professionals ⇒ https://www.linkedin.com/groups/1346907/
* CyberSecurity Community ⇒ https://www.linkedin.com/groups/3799371/
* Information Security Careers Network (ISCN) ⇒ https://www.linkedin.com/groups/1368287/
* Information Security Network ⇒ https://www.linkedin.com/groups/80784/
* SaaS & Cloud Security Experts ⇒ https://www.linkedin.com/groups/122748/
* Security Experts - A Global Group ⇒ https://www.linkedin.com/groups/957667/
* The Virtualization & Cloud Computing Group ⇒ https://www.linkedin.com/groups/57400/
=== ^^
<<tiddler fAll2LiTabs10 with: PodC>>
<<QOTD RolledHeader 1852 noclick norandom>>
__[[Point de situation sur l'affaire SolarWids/SolarStorm|SolarStorm]]__ → l'actualité
----
__[[Prochaine formation CCSK en français|Prochain CCSK en français]]_ → la formation officielle CCSK de la ''Cloud Security Alliance''
----
__[[Veille Cloud et Sécurité|Dernière Veille Mensuelle]]__ → l'actualité
----
__[[Actualités CSA|Latest Actu_M]]__ → l'actualité Cloud Security Alliance France et monde
----
__[[Alertes Cloud et Sécurité|Latest Alert_M]]__ → les alertes
----
__[[Publications CSA|Latest Publ_M]]__ → les publications de la Cloud Security Alliance
----
__[[Newsletters Hebdomadaires|Latest News_M]]__ → nouveautés et veille hebdomadaire
----
__[[Blog CSA|Latest Blog_M]]__ → les articles de Blog du [[Chapitre Français]] et de la [[Cloud Security Alliance]]
----
Espace [[Slack]] du [[Chapitre Français]] : ''[[csafr.slack.com|https://CloudSecurityAlliance.fr/go/Slack]]''
<<QOTD RolledLeftCol 3704 noclick norandom>>
__[[Prochaine formation CCSK en français|Prochain CCSK en français]]_
[img(125px,auto)[CCSK|iCSA/K4PCCSK.png][http://cloudsecurityalliance.fr/go/CSPass]]
----
[img[Lien vers l'espace Slack du Chapitre Français|iCSF/Slack_ani.gif][https://CloudSecurityAlliance.fr/go/Slack]]''[[csafr.slack.com|https://CloudSecurityAlliance.fr/go/Slack]]''
----
L'espace __[[Slack]]__ du [[Chapitre|Chapitre Français]] 
[[Français|Chapitre Français]] de la [[Cloud|Cloud Security Alliance]]
[[Security Alliance|Cloud Security Alliance]]
----
__Circle__
[[CSA Circle]]
[img(125px,auto)[Circle|iCSA/CircleCSA.png][https://CloudSecurityAlliance.fr/go/Circle]]
----
__Références__
[[Cloud Controls Matrix]]
[img(125px,auto)[CCM|iCSA/CAOBCCM.png][Cloud Controls Matrix]]
[img(40%,1px)[iCSF/BluePixel.gif]][img[Lien vers l'espace Slack du Chapitre Français|iCSF/Slack_ani.gif][https://CloudSecurityAlliance.fr/go/Slack]] [img(40%,1px)[iCSF/BluePixel.gif]]
Lien vers l'espace ''Slack'' du [[Chapitre Français]] de la [[Cloud Security Alliance]]
:→'' https://csafr.slack.com ''
Seuls 3 documents de la [[Cloud Security Alliance]] ont été traduits en Français.
Après revue par la communauté, ce sont des versions définitives, même si les retours de la communauté ont été très faibles, voire inexistants dans certains cas.
Mais ces documents ont le mérite d'exister grâce aux efforts et au financement de la [[Cloud Security Alliance]], alors utilisez-les !

|!Document|!Description du sujet abordé|!Version|!Format|!Lien|!Date|
|[[CCM]]|Cloud Controls Matrix|v3.0.1|.xlsx|''[[CloudSecurityAlliance.fr/go/FRCCM|https://CloudSecurityAlliance.fr/go/FRCCM/]]''|2020.05.07|
|[[CAIQ]]|Consensus Assessments Initiative Questionnaire|v3.0.1|.xlsx|''[[CloudSecurityAlliance.fr/go/FRCAIQ|https://CloudSecurityAlliance.fr/go/FRCAIQ/]]''|2020.05.07|
|[[PLA CoC|RGPD - Présentation]]|Code of Conduct Privacy Level Agreement|v3.1|.xlsx|''[[CloudSecurityAlliance.fr/go/FRPLACOC|https://CloudSecurityAlliance.fr/go/FRPLACOC/]]''|2020.05.07|
[img(40%,1px)[iCSF/BluePixel.gif]][img[Lien vers le compte Twitter du Chapitre Français|iCSF/Twitter_icon.png][https://twitter.com/cloudsaFR]] [img(40%,1px)[iCSF/BluePixel.gif]]
Lien vers le flux Twitter du [[Chapitre Français]] de la [[Cloud Security Alliance]]
:→ https://twitter.com/cloudsaFR
[img(40%,1px)[iCSF/BluePixel.gif]][img[Lien vers le compte Twitter du Chapitre Français|iCSF/Twitter_icon.png][https://twitter.com/cloudsaFR]] [img(40%,1px)[iCSF/BluePixel.gif]]
__Autres flux Twitter à suivre :__
* Flux de la [[Cloud Security Alliance]]
:→ https://twitter.com/cloudsa
* Flux ''CSACloudbytes''
:→ https://twitter.com/hashtag/CSACloudbytes
* __À lire / Must read__
* __Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages__
:» Attaques / Attacks • Incidents • Fuites de données / Leaks • Pannes / Outages
* __Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities__
:» Risques / Risks • Menaces / Threats • Vulnérabilités / Vulnerabilities
* __Bonnes Pratiques et Techniques de Détection / Best Practices, and Detection__
:» Bonnes pratiques / Best Practices • Détection / Detection
* __Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications__
:» Rapports / Reports • Sondages / Surveys • Études / Studies • Publications
* __Cloud Services Providers, Solutions et Outils / CSPs, Solutions, and Tools__
:» AWS (Amazon) • Azure (Microsoft) • GCP (Google) • Oracle • Kubernetes • Docker • Containers • Workloads • Outils / Tools
* __Conférences, Podcasts, Veilles hebdomadaires 'Cloud et Sécurité' / Conferences, Podcasts, Weekly 'Cloud and Security' Watch__
:» Conférences / Conferences • Podcasts • Veilles / Newsletters
* __Juridique, Réglementation, Conformité / Legal, Regulatory, Compliance__
:» Juridique / Legal • Réglementation / Regulatory • Conformité / Compliance
* __Marché, Acquisitions / Market, Acquisitions__
:» Marché / Market • Acquisitions
* __Divers / Miscellaneous__
:» Privacy Shield • SASE • Zero Trust • ... • Autres / Others''
<<tabs tVeille 'Veille 2021' 'Veille 2021' [[Veille Web##2021]] 'Veille 2020' 'Veille 2020' [[Veille Web##2020]] 'Veille 2019' 'Veille 2019' [[Veille Web##2019]] 'Veille 2018' 'Veille 2018' [[Veille Web##2018]] 'Veille 201x' 'Veille 201x' [[Veille Web##201x]] >>
/%
!2021
<<tiddler fAll2Tabs7 with: _Veille21>>
!2020
<<tiddler fAll2Tabs7 with: _Veille20>>
!2019
<<tiddler fAll2Tabs7 with: _Veille19>>
!2018
<<tiddler fAll2Tabs7 with: _Veille18>>
!201x
<<tiddler fAll2Tabs7 with: _Veille1x>>
!end
%/
<<tiddler .ReplaceTiddlerTitle with: "Veille Web Cloud et Sécurité">>
Les archives sont organisées par année, de 20__''17''__ à 20__''08''__.
|ssTabl2|k
|!Dernière mise à jour du site le @@font-size:125%;@@ |!Les dernières publications |
|<<tiddler [[Accueil_L]]>> |<<tiddler [[Accueil_R]]>>
Archives du site et historique : → [[ici|Archives]] ←[img(99%,1px)[iCSF/BluePixel.gif]] | <<tiddler .ReplaceTiddlerTitle with: [[Bienvenue sur le site du Chapitre Français de la Cloud Security Alliance]]>>
!!@@color:#014;<html><i class="fa fa-pencil-alt fa-2x" aria-hidden="true"></i></html>@@ Newsletter Hebdomadaire Cloud et Sécurité[>img(100px,auto)[iCSA/logoCSAFR.png]]
La veille active "Cloud et Sécurité" avec des nouvelles de la [[CSA]], ses publications et la revue du Web. La dernière est datée du //''<<tiddler [[LatestWeeklyFR]]>>''// et disponible ⇒__[[ici|Dernière Newsletter]]__⇐ [img(99%,4px)[iCSF/BluePixel.gif]]
!!@@color:#014;<html><i class="fa fa-users fa-2x" aria-hidden="true"></i></html>@@ Rejoignez Circle la plate-forme collaborative de la CSA
[>img(150px,auto)[iCSA/CircleCSA.png][2020.03.19 - Ouverture de la plateforme collaborative CSA Circle]]Inscrivez-vous sur [[CSA Circle]] la plateforme collaborative de la [[CSA]] en suivant [[les instructions|2020.03.19 - Ouverture de la plateforme collaborative CSA Circle]].
[img(99%,4px)[iCSF/BluePixel.gif]]
!!@@color:#014;<html><i class="fa fa-calendar-alt fa-2x" aria-hidden="true"></i></html>@@ Agenda
<<tiddler [[AgendaFR+EN]]>>[img(99%,4px)[iCSF/BluePixel.gif]]
!!@@color:#014;<html><i class="fa fa-graduation-cap fa-2x" aria-hidden="true"></i></html>@@ Formation CCSK et CCSK+ en français en mars 2021
<<tiddler [[Formations   CCSK   en français]]>>
[img(99%,4px)[iCSF/BluePixel.gif]]
^^<<tiddler Accueil_R_MM>>[img(99%,1px)[iCSF/BluePixel.gif]]^^
^^<<tiddler Accueil_R_MM-1>>[img(99%,1px)[iCSF/BluePixel.gif]]^^
^^<<tiddler Accueil_R_MM-2>>[img(99%,1px)[iCSF/BluePixel.gif]]^^
^^<<tiddler Accueil_R_MM-3>>[img(99%,1px)[iCSF/BluePixel.gif]]^^
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Mai 2021|2021.05.31 - Veille - Mai 2021]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
* En cours de rédaction /% <<tiddler fAll2List with: '202105","_Show_' >> %/
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Avril 2021|2021.04.30 - Veille - Avril 2021]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
* En cours de rédaction /% <<tiddler fAll2List with: '202104","_Show_' >> %/
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Mars 2021|2021.03.31 - Veille - Mars 2021]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
* En cours de rédaction /% <<tiddler fAll2List with: '202103","_Show_' >> %/
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Février 2021|2021.02.28 - Veille - Février 2021]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
<<tiddler fAll2List with: '202102","_Show_' >>
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Janvier 2021|2021.01.31 - Veille - Janvier 2021]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
<<tiddler fAll2List with: '202101","_Show_' >>
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Décembre 2020|2020.12.31 - Veille - Décembre 2020]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
<<tiddler fAll2List with: '202012","_Show_' >>
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Novembre 2020|2020.11.30 - Veille - Novembre 2020]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
<<tiddler fAll2List with: '202011","_Show_' >>
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Octobre 2020|2020.10.31 - Veille - Octobre 2020]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
<<tiddler fAll2List with: '202010","_Show_' >>
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Septembre 2020|2020.09.30 - Veille - Septembre 2020]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
<<tiddler fAll2List with: '202009","_Show_' >>
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Août 2020|2020.08.31 - Veille - Août 2020]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
<<tiddler fAll2List with: '202008","_Show_' >>
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Juillet 2020|2020.07.31 - Veille - Juillet 2020]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
<<tiddler fAll2List with: '202007","_Show_' >>
|ssTabl98N0|k
| {{arOund{0.C.}}}|
|ssTabl98N0|k
| {{arOund{G.B.}}}|
''Guillaume Boutisseau'' de la société de la société [img(100px,auto)[iCSF/K4CSP.png][https://CloudSecurityPass.com/]], est un "formateur certifié CCSK".
* Son attestation "''CCSK Authorized Instructor''" est consultable sur le site de la Cloud Security Alliance+++*[»]> ^^ https://cloudsecurityalliance.org/rails/active_storage/blobs/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBdkVKIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--d3415bd77ff8e91832bfd76f3426ff27902b3c4a/ccsk-ttt-Guillaume-Boutisseau.pdf ^^ === 
* A ce jour, il a déjà formé plus de 175 personnes avec un taux de satisfaction des participants de 98%+++*[»]> ~~Source : https://cloudsecuritypass.com/#about ~~ === 
* Il est aussi CCSP (ISC)^^2^^ ID:552407.
Il a rédigé plusieurs articles sur le CCSK pour le Chapitre Français de la CSA :
<<tiddler fAll2List with: '_GB0","CCSK'>>
<<tabs tPoint 'COLORS' 'COLORS' [[.##COLORS]] 'TODO' 'TODO' [[.##TODO]] 'AdvOptions' 'AdvOptions' [[.##AdvOptions]] 'Dates' 'Dates' [[.##Dates]] 'LINKS' 'LINKS' [[.##LINKS]] 'URLs' 'URLs' [[.##URLs]]>>
/%
!COLORS
|>|>|>|>| @@background-color:#F00;  RED #F00 @@ • @@background-color:#0F0;  GREEN #0F0 @@ • @@background-color:#00F;  BLUE #00F @@ |
|>|>|>|>|!|
|bgcolor:#939597;                 2021 PANTONE [[17-5104 TCX|https://www.pantone.com/color-finder/17-5104-TCX]]                 |#939597 Ultimate Gray|
|bgcolor:#F5DF4D;                 2021 PANTONE [[13-0647 TCX|https://www.pantone.com/color-finder/13-0647-TCX]]                 |#F5DF4D Illuminating|
|bgcolor:#0F4C81;                 2020 PANTONE [[19-4052 TCX|https://www.pantone.com/color-finder/19-4052-TCX]]                 |#0F4C81 Classic Blue|
|>|>|>|>|!|
|bgcolor:#fff;                 Background                 |#fff Background|
|bgcolor:#000;                 Foreground                 |#000 Foreground|
|>|>|>|>|!|
|bgcolor:#8cf;                 PrimaryPale                 |#8cf PrimaryPale|
|bgcolor:#18f;                 PrimaryLight                 |#18f PrimaryLight|
|bgcolor:#04b;                 PrimaryMid                 |#04b PrimaryMid|
|bgcolor:#014;                 PrimaryDark                 |#014 PrimaryDark|
|>|>|>|>|!|
|bgcolor:#ffc;                 SecondaryPale                 |#ffc SecondaryPale|
|bgcolor:#fe8;                 SecondaryLight                 |#fe8 SecondaryLight|
|bgcolor:#db4;                 SecondaryMid                 |#db4 SecondaryMid|
|bgcolor:#841;                 SecondaryDark                 |#841 SecondaryDark|
|>|>|>|>|!|
|bgcolor:#eee;                 TertiaryPale                 |#eee TertiaryPale|
|bgcolor:#ccc;                 TertiaryLight                 |#ccc TertiaryLight|
|bgcolor:#999;                 TertiaryMid                 |#999 TertiaryMid|
|bgcolor:#666;                 TertiaryDark                 |#666 TertiaryDark|
|>|>|>|>|!|
|bgcolor:#f88;                 Error                 |#f88 Error:|
|>|>|>|>|!|
!TODO
+++*[T0D0 »] <<tiddler fAll2Tabs with: T0D0>>=== 
!AdvOptions
+++*[AdvancedOptions »] <<tiddler AdvancedOptions>>=== 
!Dates
|  |!0|!1|!2|!3|!4|!5|!6|!7|!8|!9|
|!0| 0| 1| 2| 3| 4| 5| 6| 7| 8| 9|
|!1| a| b| c| d| e| f| g| h| i| j|
|!2| k| l| m| n| o| p| q| r| s| t|
|!3| u| v| w| x| y| z| A| B| C| D|
|!4| E| F| G| H| I| J| K| L| M| N|
|!5| O| P| Q| R| S| T| U| V| W| X|
|!6| Y| Z| +| =| -| (| )|‘’|“”|«»|
|>|>|>|>|>|>|>|>|>|>| « ⇐ ⇒ » |
!LINKS
+++*[CloudSecurityAlliance.org »] <html><div align="center"><iframe src="https://CloudSecurityAlliance.org" frameborder="0" width="100%" height="600"></iframe></div></html> === 
+++*[Circle »] <html><div align="center"><iframe src="https://Circle.CloudSecurityAlliance.org" frameborder="0" width="100%" height="600"></iframe></div></html> === 
!URLs
Pas d'URLs !
!end
LatestMonthlyUpdates - <<tiddler fAny2List24_2 with: 'AAAAMM","AAAAMM-1' 'Dernières mises à jour'>>
fAny2List24_2   - <<forEachTiddler where 'tiddler.tags.containsAny(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '(index < 24) ? "• "+tiddler.title.substr(0,10)+" → [["+tiddler.title.substr(13,254)+"|"+tiddler.title+"]].\n" : ""' begin '"!!Date & $2\n"' end '""' none '"* Aucune publication\n"'>>
a - (a)rtefacts
b - (b)log
c - (c)onference
d - (d)rafts/request4comments
p - (p)ublications
r - press (r)eleases
w - webcast
x - (x) CSA URL - blog copy'n'paste
z - (z) Initial URLs
%/
|>|>|>|!Nomenclature / References|
|!MITRE ATT&CK|>|>|ID:''[[G0118|https://attack.mitre.org/groups/G0118/]]'' (UNC2452) +++^*[Détails] <<tiddler [[KSolarMitre]]>>=== |
|!Menaces/Malware #1|FireEye : ''Sunburst'' (//backdoor//)|Microsoft : ''Solorigate''|
|!Menaces/Malware #2|FireEye : ''Teardrop'' (//dropper//, //post-exploitation//)|
|!Menaces/Malware #3|Crowdstrike : ''Sunspot'' (//implant//)|
|!Menaces/Malware #4|Palo Alto : ''SuperNova'' (//webshell//)|
|!Menaces/Malware #5|Symantec : ''Raindrop'' (//loader//)|
|!Menaces/Malware #6|FireEye : ''Sunshuttle''(//C2 backdoor//)|(similaire à GoldMax ?)|
|!Menaces/Malware #7|Microsoft : ''GoldMax'' (//C2 backdoor//)|(similaire à Sunshuttle ?)|
|!Menaces/Malware #8|Microsoft : ''Sibot'' (//persistence//, //downloader//)|
|!Menaces/Malware #9|Microsoft : ''GoldFinder'' (//man-in-the-middle detector//)|
|!Vulnerabilité(s)|''CVE-2020-10148''|''CVE-2020-14005''|''CVE-2020-27869''|
|!Outils d'attaque|''AdFind''|''Cobalt Strike''|''Mimikatz''|
|~|''CVE-2020-27870''|''CVE-2020-27871''|''Golden SAML''|
|!Similarités de code|''Kazuar''|''7-zip''|
|!Groupe(s) d'attaquants
//"attribution"//|FireEye : ''UNC2452''|Palo Alto : ''SolarStorm''|Volexity : ''Dark Halo''| |~|Microsoft : ''Nobelium''|CrowdStrike : ''StellarParticle''|Recorded Future : ''APT 29'' ou ''APT 41''| |~|>||Média : ''APT 29'' / ''Cozy Bear''| |>|>|>|| |>|>|>|!Synthèse / Summary| |>|<<tiddler KSolarExecFR>> |>|<<tiddler KSolarExecEN>> | |>|>|>|| |>|>|>|!Contre-mesures / Counter measurements| |>|<<tiddler KSolarCounterFR>> |>|<<tiddler KSolarCounterEN>> |
!Principales dates
|2019.08.06|Attaquants|Début de constitution de l'infrastructure d'attaque| [img(500px,auto)[iCSF/L1BSW.jpg]]
Source : [[Blog SolarWinds du 11.01.2021|https://orangematter.solarwinds.com/2021/01/11/new-findings-from-our-investigation-of-sunburst/]][img(75%,1px)[iCSF/BluePixel.gif]][img(500px,auto)[iCSF/KCOPA.jpg]]
Source : [[Blog Palo Alto Networks du 24.12.2020|https://unit42.paloaltonetworks.com/solarstorm-supply-chain-attack-timeline/]][img(75%,1px)[iCSF/BluePixel.gif]] | |2019.10.26|Attaquants|Premières traces de compromission du code de Solarwinds Orion|~| |!2020.03|Attaquants|!Début de la diffusion de mises à jour compromises de Solarwinds Orion|~| |!2020.06|Attaquants|!Fin de la diffusion de mises à jour compromises de Solarwinds Orion|~| |!2020.12.08|//FireEye//|!Annonce de la compromission et mise à disposition d'IOCs|~| |2020.12.13|//FireEye//|Diffusion du rapport détaillé de FireEye sur la compromission|~| |2020.12.15|//SolarWinds//|Diffusion du premier avis de sécurité par Solarwinds|~| |2020.12.15|//SolarWinds//|Diffusion des premiers correctifs par Solarwinds|~| |2020.12.16|//Microsoft//|Mise à jour de //Defender// pour détecter les binaires Orion malveillants|~| |2020.12.16|//Microsoft//|Mise en évidence de compromission exploitant //Microsoft Azure//|~| |2020.12.24|//Palo Alto Networks//|[[Publication d'une chronologie de l'attaque|https://unit42.paloaltonetworks.com/solarstorm-supply-chain-attack-timeline/]] qui fait remonter la préparation de l'attaque à au moins août 2019 et une phase de compromission active à mars 2020|~| |!2020.12.24|CISA|!Diffusion de l'utilitaire [[Sparrow|https://github.com/cisagov/Sparrow]].ps1, un outil pour détecter des comptes et des applications potentiellement comprimis dans les environnement Azure/M365|~| |!2020.12.24|//CrowdStrike//|!Diffusion de l'outil [[CRT for Azure|https://github.com/CrowdStrike/CRT]]|~| |2021.01.12|@@color:#F00;solarleaks[.]net@@|Site proposant à la vente des données soit-disant exfiltrées lors de l'attaque|~|
!Cibles Solarwinds
Extrait de l'avis de SolarWinds, dont la dernière mise à jour date du 24 décembre 2020

SolarWinds a établi que les versions compromises sont les suivantes :
* plateforme 2019.4 HF5, version 2019.4.5200.9083
* plateforme 2020.2 RC1, version 2020.2.100.12219
* plateforme 2020.2 RC2, version 2020.2.5200.12394
* plateforme 2020.2, 2020.2 HF1, version 2020.2.5300.12432
Par ailleurs, ''les systèmes qui ont, à un moment donné, exécuté l'une des versions compromises de SolarWinds mentionnées ci-dessous devraient être analysés pour détecter tout signe de compromission''.

Les dernières versions non vulnérables à SUNBURST ou SUPERNOVA sont ls suivantes :
* plateforme 2019.4 HF 6 (diffusé le 14.12.2020)
* plateforme 2020.2.1 HF 2 (diffusé le 15.12.2020)
* plateforme 2019.2 SUPERNOVA Patch (diffusé le 23.12.2020)
* plateforme 2018.4 SUPERNOVA Patch (diffusé le 23.12.2020)
* plateforme 2018.2 SUPERNOVA Patch (diffusé le 23.12.2020)
!Prévention
* appliquer les correctifs suivants :
** Plate-forme Orion v2020.2 sans correctif ou 2020.2 HF 1 : ''mise à niveau vers la plate-forme Orion version 2020.2.1 HF 2''.
** La version 2020.2.1 HF 2 sans correctif est désormais disponible sur le +++^*[portail client SolarWinds] https://customerportal.solarwinds.com ===.
** Plate-forme Orion v2019.4 HF 5 : mise à jour vers 2019.4 HF 6
* Analyser et éventuellement bloquer l'accès aux serveurs C2 comme décrit dans les différentes analyses et avis de sécurité.
!Vecteurs potentiels d'attaque
* d'après __Volexity__ : observation d'une nouvelle technique pour contourner l'authentification multi-facteur (MFA) //Duo Security// visant à accéder à la boîte aux lettres d'un utilisateur via le service //Outlook Web App// (//OWA//)
* d'après __Palo Alto Networks__ : identification d'une deuxième porte dérobée appelée SUPERNOVA et utilisée dans certains cas. Il s'agirait d'une un "code encoquillé" (//WebShell//) déposé et exécuté via l'exploitation d'une vulnérabilité 
* le __CISA__ signale qu'elle enquête sur d'autres vecteurs d'accès initial comme l'utilisation d'un "Golden SAML", qui a été décrit plus en détail par //Sygnia//
* d'après __Brian Krebs__: un vecteur pourrait avoir été une faille signalée précédemment dans VMware (non confirmé)
* la __NSA__ a publié un rapport, décrivant deux techniques utilisées pour faire passer l'accès des réseaux locaux compromis à une infrastructure basée sur le cloud.
* __Crowdstrike__ et __Microsoft__ ont identifié que SolarWinds pourrait avoir été compromis via le compte Azure Cloud de Microsoft d'un revendeur.
!Les victimes
Faire a liste des victimes n'est pas un axe de recherche de cet article, sauf si elles ont un lien avec le Cloud.
Cela explique que les informations ci-dessous ''ne sont pas exhaustives et n'ont pas vocation à l'être''.
* Etats-Unis : ^^[[U.S. Department of the Treasury|https://www.reuters.com/article/BigStory12/idUSKBN28N0PG]] • [[U.S. Department of Commerce|https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html]] • [[U.S. National Telecommunications and Information Administration (NTIA)|https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html]] • [[U.S. Department of State|https://www.washingtonpost.com/national-security/dhs-is-third-federal-agency-hacked-in-major-russian-cyberespionage-campaign/2020/12/14/41f8fc98-3e3c-11eb-8bc0-ae155bee4aff_story.html]] • [[The National Institutes of Health (NIH)|https://www.washingtonpost.com/national-security/dhs-is-third-federal-agency-hacked-in-major-russian-cyberespionage-campaign/2020/12/14/41f8fc98-3e3c-11eb-8bc0-ae155bee4aff_story.html]] • [[U.S. Department of Homeland Security (DHS)|https://www.washingtonpost.com/national-security/dhs-is-third-federal-agency-hacked-in-major-russian-cyberespionage-campaign/2020/12/14/41f8fc98-3e3c-11eb-8bc0-ae155bee4aff_story.html]] • [[U.S. Department of Energy (DOE)|https://www.bleepingcomputer.com/news/security/solarwinds-hackers-breach-us-nuclear-weapons-agency/]] • [[U.S. National Nuclear Security Administration (NNSA)|https://www.bleepingcomputer.com/news/security/solarwinds-hackers-breach-us-nuclear-weapons-agency/]] • [[Quelques états|https://www.bloomberg.com/news/articles/2020-12-17/u-s-states-were-also-hacked-in-suspected-russian-attack]]^^
* Canada : ^^[[City of Kingston, Ontario, Canada|https://www.netresec.com/?page=Blog&month=2020-12&post=Reassembling-Victim-Domain-Fragments-from-SUNBURST-DNS]]^^
Le 25 janvier 2021, NetreseC a identifié 23 victimes en faisant une analyse DNS : +++^*[détails]
Titre : Twenty-three SUNBURST Targets Identified
Lien → https://www.netresec.com/?page=Blog&month=2021-01&post=Twenty-three-SUNBURST-Targets-Identified
Noms de domaines Active Directory internes :  central.pima.gov, cisco.com, corp.qualys.com, coxnet.cox.com, ddsn.gov fc.gov fox.local ggsg-us.cisco.com, HQ.FIDELIS, jpso.gov lagnr.chevrontexaco.net logitech.local los.local mgt.srb.europa*, ng.ds.army.mil nsanet.local paloaltonetworks*, phpds.org scc.state.va.us, suk.sas.com vgn.viasatgsd.com wctc.msft WincoreWindows.local ===.
![img(30px,auto)[iCSF/Francais.gif]]Synthèse de la situation
La société ''FireEye'' a annoncé le ''8 décembre 2020'' avoir été victime d'une attaque menée par des acteurs étatiques de type APT (//Advanced Persistant Threat//).

Lors de son analyse, elle a découvert : 
* que les outils utilisés par ses équipes de tests d'intrusion avaient été accédés et compromis 
* que son origine était liée à une mise à jour logicielle malveillante de la plateforme ''SolarWinds Orion'', soit une attaque de la chaîne d'approvisionnement (//Supply-Chain//).
** SolarWinds est une plateforme de gestion des actifs qui est utilisée par environ 300.000 clients dans le monde, dont de nombreuses entités qui gèrent des infrastructures critiques, et que 18.000 d'entre eux auraient seraient victimes de cette attaque. 
* qu'il s'agissait d'une attaque massive qui affectait de nombreuses autres entreprises et administrations gouvernementales et militaires, notamment américaines. 

Plusieurs correctifs pour la plateforme //SolarWinds Orion// sont disponibles et les binaires malveillants sont détectés et supprimés, notamment par //Microsoft Defender//.

L'infrastructure d'attaque C2 a été saisie par Microsoft et est maintenant utilisé comme un mécanisme de type "Killswitch" pour la rendre inopérante.

Compte-tenu de la grande complexité de l'attaque, les analyses sont toujours en cours, et ont mis en évidence : 
* qu'il y avait d'autres vecteurs initiaux d'attaque et d'accès 
* l'existence d'au moins une deuxième porte dérobée utilisée dans certains cas, ce qui tendrait à indiquer la présence d'un deuxième groupe d'attaquants. 
** un code d'exploitation de démonstration (//Proof of Concept//) est disponible 
* ''la compromission d'environnements Active Directory, AzureAD et M365'' 
* ''la compromission initiale de la société Solarwinds se serait produite au travers d'un revendeur Microsoft Azure'' 
* ''l'exploitation de la vulnérabilité 'Golden SAML' (découverte fin 2017'')

Le 12 janvier 2021, le site //@@color:#F00;solarleaks[.]net@@// apparaît et annonce proposer à la vente des données soit-disant exfiltrées lors de l'attaque.

Outre les onglets suivants, il y a des liens vers les analyses et les IOCs les plus pertinents sur le +++^*[GitHub du The Center for Threat-Informed Defense] [>img(100px,100px)[iCSF/MECTID.jpg]] https://github.com/center-for-threat-informed-defense === qui traite de ''+++^*[Solarigate] https://github.com/center-for-threat-informed-defense/public-resources/tree/master/solorigate ===''.
![img(30px,auto)[iCSF/Anglais.gif]]Status
On ''December 8th, 2020'' ''FireEye'' declared being victim of an state-sponsored attack APT (//Advanced Persistent Threat//).

Analysis showed that: 
* the tools used by its Red Team pen-testers had been accessed and compromised 
* it originated from a malicious software update of the ''SolarWinds Orion'' platform, a //Supply-Chain// attack.
** SolarWinds is an asset management platform that is used by approximately 300,000 customers worldwide, including many entities that manage critical infrastructure, of which 18,000 are believed to have fallen victim to this attack. 
* this was a massive attack that affected many other companies and government and military agencies, including the United States. 

Several patches for the SolarWinds Orion platform are available and malicious binaries are detected and removed, including by Microsoft Defender.

The C2 attack infrastructure was seized by Microsoft and is now being used as a "Killswitch" mechanism to render it inoperable.

Given the high complexity of the attack, analyses are still in progress, and have highlighted: 
* that there were other initial attack and access vectors 
* the existence of at least a second back door used in some cases, which would tend to indicate the presence of a second attacking group. 
** a Proof of Concept is available 
* ''Compromising Active Directory, AzureAD and M365 environments ''
* ''the initial compromise of Solarwinds would have occurred through a Microsoft Azure reseller''
* ''exploitation of the 'Golden SAML' vulnerability (discovered at the end of 2017)''

On January 12th 2021, the //@@color:#F00;solarleaks[.]net@@// Web site puts on sale allegedly exfiltrated data during the attack.

along with links in the next tabs, some analysis and IOCs are also listed in the +++^*[GitHub of the The Center for Threat-Informed Defense] [>img(100px,100px)[iCSF/MECTID.jpg]] https://github.com/center-for-threat-informed-defense === dealing with ''+++^*[Solarigate] https://github.com/center-for-threat-informed-defense/public-resources/tree/master/solorigate ===''.
![img(30px,auto)[iCSF/Francais.gif]]Contre-mesures
* Application des correctifs sur les +++^*[systèmes vulnérables Solarwinds] <<tiddler [[KSolarTargets]]>> === 
* Détecter les outils FireEye compromis à partir des indicateurs de compromission (//IOC//) disponibles
* Recherche de compromission (//Threat Hunting//) sur tous les composants concernés, y compris dans Microsoft Azure
* Utilisation des +++^*[outils] <<tiddler [[KSolarTools]]>> === mis à disposition par le //CISA//, //CrowdStrike// et autres
* Consulter les principaux avis et blogs +++^*[officiels] <<tiddler [[KSolarOfficial]]>> === ou +++^*[d'éditeurs et de chercheurs] <<tiddler [[KSolarOthers]]>> === riches d'enseignements
![img(30px,auto)[iCSF/Anglais.gif]]Countermeasurement
* Enforce patching on +++^*[vulnerable Solarwinds systems] <<tiddler [[KSolarTargets]]>> === 
* Detecter compromissed FireEye tools based on the available //IOCs//
* Perform //Threat Hunting// on all components, including Microsoft Azure
* Use available +++^*[detection tools] <<tiddler [[KSolarTools]]>> === from //CISA//, //CrowdStrike//, and others
* Watch out for advisories and blog posts from +++^*[official] <<tiddler [[KSolarOfficial]]>> === or +++^*[primary or secondary] <<tiddler [[KSolarOthers]]>> === sources
!Avis officiels d'agences de sécurité / Cyber Security Agencies Advisories 
|>|>|>|bgcolor:#F5DF4D;Ce fond indique des mises à jour du tableau depuis la semaine dernière |
|!Dates|!Sources|!Titres et Liens|
|bgcolor:#F5DF4D;2021.02.08|CISA|![[Malware Analysis Report (AR21-039A) MAR-10318845-1.v1 - SUNBURST|https://us-cert.cisa.gov/ncas/analysis-reports/ar21-039a]], [[IOCs (MAR-10318845-1.v1.stix)|https://us-cert.cisa.gov/sites/default/files/publications/MAR-10318845-1.v1.WHITE_stix.xml]]|
|bgcolor:#F5DF4D;2021.02.08|CISA|![[Malware Analysis Report (AR21-039B) MAR-10320115-1.v1 - TEARDROP|https://us-cert.cisa.gov/ncas/analysis-reports/ar21-039b]], [[IOCs (MAR-10320115-1.v1.stix)|https://us-cert.cisa.gov/sites/default/files/publications/MAR-10320115-1.v1.WHITE_stix.xmll]]|
|>|>|>|!|
|bgcolor:#F5DF4D;2021.01.27|CISA|![[Malware Analysis Report (AR21-027A) MAR-10319053-1.v1 - Supernova|https://us-cert.cisa.gov/ncas/analysis-reports/ar21-027a]], [[IOCs (MAR-10319053-1.v1.stix)|https://us-cert.cisa.gov/sites/default/files/publications/MAR-10319053-1.v1.WHITE_stix.xml]]|
|>|>|>|!|
|bgcolor:#F5DF4D;2021.01.07|CISA|![[AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations|https://us-cert.cisa.gov/ncas/alerts/aa20-352a]] (mise à jour) |
|~|~| → publication initiale : 2020.12.17|
|>|>|>|!|
|bgcolor:#F5DF4D;2021.02.04|CERT-EU|[[Critical Vulnerabilities in SolarWinds Orion Platform (CERT-EU Security Advisory 2021-008)|https://media.cert.europa.eu/static/SecurityAdvisories/2021/CERT-EU-SA2021-008.pdf]]|
|bgcolor:#F5DF4D;2021.02.04|CISA|![[Alert (AA21-008A) Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments |https://us-cert.cisa.gov/ncas/alerts/aa21-008a]] |
|~|~| → publication initiale : 2021.01.08|
|>|>|>|!|
|bgcolor:#F5DF4D;2021.01.28|CERT/CC|!VU#843464 [[SolarWinds Orion API authentication bypass allows remote command execution|https://kb.cert.org/vuls/id/843464]] (màj)|
|bgcolor:#F5DF4D;2021.01.27|CISA|[[CISA Malware Analysis on Supernova|https://us-cert.cisa.gov/ncas/current-activity/2021/01/27/cisa-malware-analysis-supernova]]|
|bgcolor:#F5DF4D;2021.01.27|CISA|![[Malware Analysis Report (AR21-027A) MAR-10319053-1.v1 - Supernova|https://us-cert.gov/ncas/analysis-reports/ar21-027a]], [[IOCs (MAR-10319053-1.v1.stix)|https://us-cert.cisa.gov/sites/default/files/publications/MAR-10319053-1.v1.WHITE_stix.xm]]|
|>|>|>|!|
|2021.01.14|CERT/CC|!VU#843464 [[SolarWinds Orion API authentication bypass allows remote command execution|https://kb.cert.org/vuls/id/843464]] (obsolète)|
|~|~| → publication initiale : 2020.12.24|
|>|>|>|!|
|2021.01.07|CERT-FR[>img[iCSF/flag_fr.png]]|CERTFR-2020-ALE-026 : [[Présence de code malveillant dans SolarWinds Orion|https://www.cert.ssi.gouv.fr/alerte/CERTFR-2020-ALE-026/]]|
|~|~| → publication initiale : 2020.12.23|
|2021.01.06|US Department of Justice|[[Department of Justice Statement on Solarwinds Update|https://www.justice.gov/opa/pr/department-justice-statement-solarwinds-update]]|
|2021.01.05|CISA|[[Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA)|https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure]]|
|>|>|>|!|
|2020.12.30|CISA|![[CISA Releases Free Detection Tool for Azure/M365 Environment|https://us-cert.cisa.gov/ncas/current-activity/2020/12/24/cisa-releases-free-detection-tool-azurem365-environment]] |
|~|~| → publication initiale : 2020.12.24|
|2020.12.30|Centre Canadien pour la Cybersécurité[>img[iCSF/flag_fr.png]]|AL20-031 : [[Recommandations relatives à la compromission de la chaîne d'approvisionnement SolarWinds|https://cyber.gc.ca/fr/avis/recommandations-relatives-la-compromission-de-la-chaine-dapprovisionnement-solarwinds]] ([[English|https://cyber.gc.ca/en/alerts/recommendations-solarwinds-supply-chain-compromise]])|
|~|~| → publication initiale : 2020.12.24|
|>|>|>|!|
|2020.12.26|CERT/CC|!VU#843464 [[SolarWinds Orion API authentication bypass allows remote command execution|https://kb.cert.org/vuls/id/843464]] (obsolète)|
|>|>|>|!|
|2020.12.23|DHS|[[Supply Chain Compromise|https://www.cisa.gov/supply-chain-compromise]]|
|2020.12.23|DHS|[[What Every Leader Needs to Know About the Ongoing APT Cyber Activity|https://www.cisa.gov/sites/default/files/publications/CISA%20Insights%20-%20What%20Every%20Leader%20Needs%20to%20Know%20About%20the%20Ongoing%20APT%20Cyber%20Activity%20-%20FINAL_508.pdf]]|
|2020.12.23|CISA|[[CISA Releases CISA Insights and Creates Webpage on Ongoing APT Cyber Activity|https://us-cert.cisa.gov/ncas/current-activity/2020/12/23/cisa-releases-cisa-insights-and-creates-webpage-ongoing-apt-cyber]]|
|>|>|>|!|
|2020.12.22|ICO (UK)|[[UK organisations using SolarWinds Orion platform should check whether personal data has been affected|https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/12/uk-organisations-using-solarwinds-orion-platform-should-check-whether-personal-data-has-been-affected/]]|
|2020.12.19|CISA|[[CISA Updates Alert and Releases Supplemental Guidance on Emergency Directive for SolarWinds Orion Compromise|https://us-cert.cisa.gov/ncas/current-activity/2020/12/19/cisa-updates-alert-and-releases-supplemental-guidance-emergency]]|
|2020.12.17|CISA|[[NSA Releases Cybersecurity Advisory on Detecting Abuse of Authentication Mechanisms|https://us-cert.cisa.gov/ncas/current-activity/2020/12/17/nsa-releases-cybersecurity-advisory-detecting-abuse-authentication]]|
|2020.12.17|CISA|AA20-352A: [[Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations|https://us-cert.cisa.gov/ncas/alerts/aa20-352a]]|
|2020.12.17|NSA|[[Detecting Abuse of Authentication Mechanisms|https://media.defense.gov/2020/Dec/17/2002554125/-1/-1/0/AUTHENTICATION_MECHANISMS_CSA_U_OO_198854_20.PDF]]|
|2020.12.16|CISA|[[Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI)|https://www.cisa.gov/news/2020/12/16/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure]]|
|2020.12.14|CERT-FR[>img[iCSF/flag_fr.png]]|[[Présence de code malveillant dans SolarWinds Orion|https://www.cert.ssi.gouv.fr/alerte/CERTFR-2020-ALE-026/]]|
|>|>|>|!|
|2020.12.13|DHS|![[Mitigate SolarWinds Orion Code Compromise|https://cyber.dhs.gov/ed/21-01/]] |
|2020.12.13|CISA|[[CISA Issues Emergency Directive to Mitigate the Compromise of Solarwinds Orion Network Management Products|https://www.cisa.gov/news/2020/12/13/cisa-issues-emergency-directive-mitigate-compromise-solarwinds-orion-network]]|
|2020.12.13|CISA|[[Active Exploitation of SolarWinds Software|https://us-cert.cisa.gov/ncas/current-activity/2020/12/13/active-exploitation-solarwinds-software]]|
!Sources primaires : chercheurs en cybersécurité / Primary sources : cybersecurity researchers 
|>|>|>|bgcolor:#F5DF4D;Ce fond indique des mises à jour ''pertinentes'' du tableau depuis la semaine dernière |
|!Dates|!Sources|!Titres et Liens|
|!|>|>||
|bgcolor:#F5DF4D;2021.02.26|//Microsoft//|[[Microsoft Open Sources CodeQL Queries Used To Hunt For Solorigate Activity|https://www.microsoft.com/security/blog/2021/02/25/microsoft-open-sources-codeql-queries-used-to-hunt-for-solorigate-activity/]]|
|!|>|>||
|bgcolor:#F5DF4D;2021.02.22|//FireEye//|![[Light in the Dark: Hunting for SUNBURST|http://www.fireeye.com/blog/products-and-services/2021/02/light-in-the-dark-hunting-for-sunburst.html]] |
|!|>|>||
|bgcolor:#F5DF4D;2021.02.18|//Microsoft//|![[Microsoft Internal Solorigate Investigation – Final Update|https://msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/]] |
|bgcolor:#F5DF4D;2021.02.18|//Microsoft//|![[Turning the page on Solorigate and opening the next chapter for the security community|https://www.microsoft.com/security/blog/?p=92881]] |
|!|>|>||
|bgcolor:#F5DF4D;2021.02.17|NetreseC|![[Targeting Process for the SolarWinds Backdoor|https://www.netresec.com/?page=Blog&month=2021-02&post=Targeting-Process-for-the-SolarWinds-Backdoor]] |
|!|>|>||
|bgcolor:#F5DF4D;2021.02.05|Bernard Ourghanlian|![[L’affaire Solarwinds et quelques réflexions sur la sécurité de la chaine d’approvisionnement du logiciel|https://www.linkedin.com/pulse/laffaire-solarwinds-et-quelques-r%C3%A9flexions-sur-la-de-du-ourghanlian/]]|
|!|>|>||
|bgcolor:#F5DF4D;2021.02.05|SANS|![[SolarWinds - A SANS Lightning Summit Recap|https://www.sans.org/blog/solarwinds-sans-lightning-summit-recap]] |
|!|>|>||
|bgcolor:#F5DF4D;2021.02.04|//Duo Security//|[[SolarWinds Patches Two New Flaws in Orion|https://duo.com/decipher/solarwinds-patches-two-new-flaws-in-orion]]|
|!|>|>||
|bgcolor:#F5DF4D;2021.02.03|Reuters|![[Exclusive: Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency – sources|https://www.reuters.com/article/us-cyber-solarwinds-china-idUSKBN2A22K8]] |
|bgcolor:#F5DF4D;2021.02.03|//Trustwave//|[[Full System Control with New SolarWinds Orion-based and Serv-U FTP Vulnerabilities|https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/]]|
|bgcolor:#F5DF4D;2021.02.03|//Checkpoint Software//|[[SolarWinds Explained|https://research.checkpoint.com/2021/solarwinds-explained/]]|
|!|>|>||
|bgcolor:#F5DF4D;2021.02.02|Wall Street Journal|[[Hackers Lurked in SolarWinds Email System for at Least 9 Months, CEO Says|https://www.wsj.com/articles/hackers-lurked-in-solarwinds-email-system-for-at-least-9-months-ceo-says-11612317963]]|
|!|>|>||
|bgcolor:#F5DF4D;2021.02.01|//Qualys//|[[Unpacking the CVEs in the FireEye Breach – Start Here First|https://blog.qualys.com/vulnerabilities-research/2021/02/01/unpacking-the-fireeye-breach-start-here-first]]|
|!|>|>||
|bgcolor:#F5DF4D;2021.01.29|//SolarWinds//|![[SolarWinds Security Advisory|https://www.solarwinds.com/securityadvisory]] (màj)|
|bgcolor:#F5DF4D;2021.01.29|//Mnemonic//|[[Threat Advisory: SolarWinds Supply Chain Compromise|https://www.mnemonic.no/blog/threat-advisory-solarwinds/]]|
|!|>|>||
|bgcolor:#F5DF4D;2021.01.28|//Checkpoint Software//|![[Deep into the SunBurst Attack|https://research.checkpoint.com/2021/deep-into-the-sunburst-attack/]]|
|!|>|>||
|bgcolor:#F5DF4D;2021.01.27|CISA|![[Malware Analysis Report (AR21-027A) MAR-10319053-1.v1 - Supernova|https://us-cert.gov/ncas/analysis-reports/ar21-027a]], [[IOCs (MAR-10319053-1.v1.stix)|https://us-cert.cisa.gov/sites/default/files/publications/MAR-10319053-1.v1.WHITE_stix.xm]]|
|bgcolor:#F5DF4D;2021.01.27|MITRE ATT&CK|![[Identifying UNC2452-Related Techniques for ATT&CK|https://medium.com/mitre-attack/identifying-unc2452-related-techniques-9f7b6c7f3714]] (màj) |
|bgcolor:#F5DF4D;2021.01.27|//Domain Tools//|[[73. SUNBURST on the Scene|https://www.domaintools.com/resources/podcasts/73-sunburst-on-the-scene]] ([[podcast|https://soundcloud.com/breakingbadness/73-sunburst-on-the-scene]])|
|bgcolor:#F5DF4D;2021.01.27|//SentinelOne//|[[Inside the Mind of the SUNBURST Adversary|https://www.sentinelone.com/blog/inside-the-mind-of-the-sunburst-adversary/]] (podcast)|
|bgcolor:#F5DF4D;2021.01.27|//Checkpoint Software//|[[Are your Endpoints Affected by the SolarWinds Sunburst Attack?|https://blog.checkpoint.com/2021/01/27/are-your-endpoints-affected-by-the-solarwinds-sunburst-attack/]]|
|!|>|>||
|bgcolor:#F5DF4D;2021.01.26|Institute for Critical Infrastructure Technology|[[Lessons Learned from NASA: Operating in a Compromised Environment – Trusted Recovery from the SolarWinds Breach|https://icitech.org/operating-in-a-compromised-environment-solarwinds/]] ([[Rapport|https://secureservercdn.net/166.62.108.22/5kb.d9b.myftpupload.com/wp-content/uploads/2021/01/Operating-in-a-CompEnviron_SolarWinds_Case-Study_Jerry_Davis.pdf]])|
|!|>|>||
|bgcolor:#F5DF4D;2021.01.25|MITRE|![[UNC2452|https://attack.mitre.org/groups/G0118/]] (màj)|
|bgcolor:#F5DF4D;2021.01.25|//NetreseC//|![[Twenty-three SUNBURST Targets Identified|https://www.netresec.com/?page=Blog&month=2021-01&post=Twenty-three-SUNBURST-Targets-Identified]] |
|!|>|>||
|bgcolor:#F5DF4D;2021.01.22|//DomainTools//|[[Change in Perspective on the Utility of SUNBURST-related Network Indicators|https://www.domaintools.com/resources/blog/change-in-perspective-on-the-utility-of-sunburst-related-network-indicators]]|
|bgcolor:#F5DF4D;2021.01.22|SANS|[[Solar Winds of Change|http://www.sans.org/cyber-security-summit/archives/download/34615]] (après incription)|
|bgcolor:#F5DF4D;2021.01.22|SANS|[[SUNBURST: DGA or DNS Tunneling|http://www.sans.org/cyber-security-summit/archives/download/34740]] (après incription)|
|bgcolor:#F5DF4D;2021.01.22|SANS|[[Post Mortem: The First 72 Hours of SUNBURST Threat Intelligence Research|http://www.sans.org/cyber-security-summit/archives/download/34695]] (après incription)|
|bgcolor:#F5DF4D;2021.01.22|//Symantec//|![[SolarWinds: How Sunburst Sends Data Back to the Attackers|https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-sunburst-sending-data]]|
|bgcolor:#F5DF4D;2021.01.22|//SOC Prime//|[[New Raindrop Malware Connected to SolarWinds Breach|https://socprime.com/blog/new-raindrop-malware-connected-to-solarwinds-breach/]]|
|!|>|>||
|2021.01.21|//Zero Day Initiative//|[[Three Bugs in Orion’s Belt: Chaining Multiple bugs for Unauthenticated RCE in the SolarWinds Orion Platform|https://www.thezdi.com/blog/2021/1/20/three-bugs-in-orions-belt-chaining-multiple-bugs-for-unauthenticated-rce-in-the-solarwinds-orion-platform]]|
|2021.01.21|//LogRythm//|[[Windows Certificate Export Detections Inspired By The Solarwinds Compromise By Fireeyes Identifier Unc2452|https://logrhythm.com/windows-certificate-export-detections-inspired-by-the-solarwinds-compromise-by-fireeyes-identifier-unc2452/]]|
|!|>|>||
|2021.01.20|//Microsoft//|[[Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop|https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/]]|
|2021.01.20|//Crowdstrike//|[[Stellar Performances: How CrowdStrike Machine Learning Handles the SUNSPOT Malware|https://www.crowdstrike.com/blog/stellar-performances-how-crowdstrike-machine-learning-handles-the-sunspot-malware/]]|
|!|>|>||
|2021.01.19|//FireEye//|![[Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452|https://www.fireeye.com/blog/threat-research/2021/01/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452.html]]|
|2021.01.19|//FireEye//| → Whitepaper [[Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452|https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/wp-m-unc2452-2021-000343-01.pdf]]|
|2021.01.19|//Malwarebytes//|[[Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments|https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/]]|
|2021.01.19|//Duo Security//|[[New Raindrop Tool Tied to SolarWinds Attackers|https://duo.com/decipher/new-raindrop-tool-tied-to-solarwinds-attackers]]|
|!|>|>||
|2021.01.18|//Symantec//|![[Raindrop: New Malware Discovered in SolarWinds Investigation|https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-raindrop-malware]]|
|!|>|>||
|2021.01.15|//Symantec//|![[SolarWinds: Insights into Attacker Command and Control Process|https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-sunburst-command-control]]|
|!|>|>||
|2021.01.14|//Domain Tools//|![[The Devil's in the Details: SUNBURST Attribution|https://www.domaintools.com/resources/blog/the-devils-in-the-details-sunburst-attribution]] |
|2021.01.14|//Trusted Sec//|[[RisingSun: Decoding SUNBURST C2 to Identify Infected Hosts Without Network Telemetry|https://www.trustedsec.com/blog/risingsun-decoding-sunburst-c2-to-identify-infected-hosts-without-network-telemetry/]]|
|2021.01.14|//Microsoft//|[[Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender|https://www.microsoft.com/security/blog/2021/01/14/increasing-resilience-against-solorigate-and-other-sophisticated-attacks-with-microsoft-defender/]]|
|!|>|>||
|2021.01.13|//Logrhythm//|[[Sunspot Malware Scoured Servers for SolarWinds Builds That it Could Weaponize|https://logrhythm.com/in-the-news/sunspot-malware-scoured-servers-for-solarwinds-builds-that-it-could-weaponize/]]|
|!|>|>||
|2021.01.13|//Domain Tools//|Podcast [[71. Throwing Caution to the SolarWinds|https://www.domaintools.com/resources/podcasts/71-throwing-caution-to-the-solarwinds]]|
|2021.01.13|//Domain Tools//|[[SolarWinds: Between The Clouds|https://blog.radware.com/security/cloudsecurity/2021/01/solarwinds-between-the-clouds/]]|
|!|>|>||
|2021.01.12|Brian Krebs|[[SolarWinds: What Hit Us Could Hit Others|https://krebsonsecurity.com/2021/01/solarwinds-what-hit-us-could-hit-others/]]|
|2021.01.12|//Cisco//|[[Cisco Event Response: SolarWinds Orion Platform Software Attack|https://tools.cisco.com/security/center/resources/solarwinds_orion_event_response]]|
|2021.01.12|//Rapid7//|[[Update on SolarWinds Supply-Chain Attack: SUNSPOT and New Malware Family Associations|https://blog.rapid7.com/2021/01/12/update-on-solarwinds-supply-chain-attack-sunspot-and-new-malware-family-associations/]]|
|!|>|>||
|2021.01.11|//SolarWinds//|![[New Findings From Our Investigation of SUNBURST|https://orangematter.solarwinds.com/2021/01/11/new-findings-from-our-investigation-of-sunburst/]] |
|2021.01.11|//Kaspersky//|![[Sunburst backdoor – code overlaps with Kazuar|https://securelist.com/sunburst-backdoor-kazuar/99981/]] |
|2021.01.11|//Threatpost//|[[SolarWinds Hack Potentially Linked to Turla APT|https://threatpost.com/solarwinds-hack-linked-turla-apt/162918/]]|
|2021.01.11|//CrowdStrike//|![[SUNSPOT: An Implant in the Build Process|https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/]] |
|2021.01.11|//Recorded Future//|[[SolarWinds: The CSO Perspective|https://www.recordedfuture.com/solarwinds-cso-perspective/]]|
|2021.01.11|//Recorded Future//|[[SolarWinds Orion Breach – What It Means for the Industry Writ Large|https://www.recordedfuture.com/podcast-episode-191/]] (podcast)|
|2021.01.11|//NetreseC//|![[Robust Indicators of Compromise for SUNBURST|https://www.netresec.com/?page=Blog&month=2021-01&post=Robust-Indicators-of-Compromise-for-SUNBURST]] |
|!|>|>||
|2021.01.08|//Splunk//|[[A Golden SAML Journey: SolarWinds Continued|https://www.splunk.com/en_us/blog/security/a-golden-saml-journey-solarwinds-continued.html]]|
|!|>|>||
|2021.01.07|Solarwinds|[[FAQ: Security Advisory|https://www.solarwinds.com/securityadvisory/faq]]|
|2021.01.07|//DarkTrace//|[[Dissecting the SolarWinds hack without the use of signatures|https://www.darktrace.com/en/blog/dissecting-the-solar-winds-hack-without-the-use-of-signatures/]]|
|2021.01.07|//SentinelOne//|[[SentinelOne Releases Free SUNBURST Attack Identification Assessment Tool|https://www.businesswire.com/news/home/20210105005647/en/SentinelOne-Releases-Free-SUNBURST-Attack-Identification-Assessment-Tool]]|
|2021.01.07|//SentinelOne//| → [[SolarWinds Countermeasures|https://github.com/SentineLabs/SolarWinds_Countermeasures]]|
|2021.01.07|//Symantec//|![[SolarWinds: How a Rare DGA Helped Attacker Communications Fly Under the Radar|https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-unique-dga]]|
|!|>|>||
|2021.01.04|//Qualys//|[[Technical Deep Dive Into SolarWinds Breach|https://blog.qualys.com/vulnerabilities-research/2021/01/04/technical-deep-dive-into-solarwinds-breach]]|
|2020.01.04|//Duo Security//|[[SolarWinds Attackers Accessed, But Did Not Modify, Microsoft Source Code|https://duo.com/decipher/solarwinds-attackers-accessed-but-did-not-modify-microsoft-source-code]]|
|!|>|>||
|2021.01.25|^^MITRE^^|!^^[[UNC2452|https://attack.mitre.org/groups/G0118/]]^^|
|2021.01.05|//Picus Security//|![[Six Stages of Dealing with a Global Security Incident|https://www.picussecurity.com/resource/blog/six-stages-of-dealing-with-a-global-security-incident]]|
|2021.01.05|//SecureWorks//|[[Update on SolarWinds Threat: Identity is the New Perimeter|https://www.secureworks.com/blog/update-on-solarwinds-threat-identity-is-the-new-perimeter]]|
|!|>|>||
|2021.01.04|//NetreseC//|[[Finding Targeted SUNBURST Victims with pDNS|https://www.netresec.com/?page=Blog&month=2021-01&post=Finding-Targeted-SUNBURST-Victims-with-pDNS]]|
|2021.01.04|//Duo Security//|[[CISA Identifies Multiple Vectors Used by SolarWinds Attackers|https://duo.com/decipher/cisa-identifies-multiple-vectors-used-by-solarwinds-attackers]]|
|2021.01.04|//SOC Prime//|[[Golden SAML Attack: Another Method Used by APT Group Behind SolarWinds Hack|https://socprime.com/blog/golden-saml-attack-method-used-by-apt-group-behind-solarwinds-hack/]]|
|!|>|>||
|2021.01.03|//Shift Left//|[[#Solorigate : SUPERNOVA forensics using Code Property Graph|https://blog.shiftleft.io/solorigate-supernova-forensics-using-code-property-graph-b92b56e48bb0]]|
|!|>|>||
|2020.12.31|MITRE ATT&CK|![[Identifying UNC2452-Related Techniques for ATT&CK|https://medium.com/mitre-attack/identifying-unc2452-related-techniques-9f7b6c7f3714]]|
|2020.12.31|//Microsoft//|![[Solorigate Resource Center|https://aka.ms/solorigate]] |
|2020.12.31|//Microsoft//|![[Solorigate Identity Indicators of Compromise|https://aka.ms/solorigateidentityiocs]] |
|2020.12.31|//Microsoft//|[[Microsoft Internal Solorigate Investigation Update|https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/]]|
|2020.12.31|//Microsoft//|![[Azure AD workbook to help you assess Solorigate risk|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-ad-workbook-to-help-you-assess-solorigate-risk/ba-p/2010718]] |
|2020.12.31|//SolarWinds//|[[SolarWinds Security Advisory|https://www.solarwinds.com/securityadvisory]] (mise à jour)|
|2020.12.31|//BlackHills//|[[Podcast: Discussing Implications of the SolarWinds Breach(es)|https://content.blubrry.com/bhis/Implications_of_the_SolarWinds_Breach.mp3]]|
|2020.12.31|//BlackHills//|[[Webcast: Discussing Implications of the SolarWinds Breach(es)|https://www.blackhillsinfosec.com/webcast-discussing-implications-of-the-solarwinds-breaches/]] ([[YouTube|https://youtu.be/WtqDpH-g4rA]])|
|!|>|>||
|2020.12.30|//Recorded Future//|[[SolarWinds Attribution: Are We Getting Ahead of Ourselves?|https://www.recordedfuture.com/solarwinds-attribution/]]|
|2020.12.30|//Recorded Future//| → [[Are We Getting Ahead of Ourselves? An Analysis of UNC2452 Attribution|https://go.recordedfuture.com/hubfs/reports/pov-2020-1230.pdf]] (pdf)|
|!|>|>||
|2020.12.29|//SolarWinds//|[[Our Commitment to Cooperation|https://orangematter.solarwinds.com/2020/12/29/our-commitment-to-cooperation/]]|
|2020.12.29|//Zero Networks//|[[Examining the SolarWinds Supply Chain Attack - Executive Summary|https://zeronetworks.com/blog/examining_solarwinds_supply_chain_attack_summary/]]|
|2020.12.29|//Zero Networks//|![[Examining the SolarWinds Supply Chain Attack - Deep Dive|https://zeronetworks.com/blog/examining_solarwinds_supply_chain_attack/]]|
|2020.12.29|//NetreseC//|[[Extracting Security Products from SUNBURST DNS Beacons|https://www.netresec.com/?page=Blog&month=2020-12&post=Extracting-Security-Products-from-SUNBURST-DNS-Beacons]]|
|2020.12.29|//Anomali//|[[Actionable Threat Intelligence Available for Sunburst Cyber Attacks on SolarWinds|https://www.anomali.com/blog/actionable-threat-intelligence-available-for-sunburst-cyber-attacks-on-solarwinds]]|
|2020.12.29|//Anomali//|[[Download Actionable Sunburst Threat Intelligence Today!|https://www.anomali.com/learn/sunburst/download-actionable-sunburst-threat-intelligence]]|
|2020.12.29|//RiskRecon//|[[Entities Signaling to SUNBURST C2 Infrastructure|https://blog.riskrecon.com/entities-signaling-to-sunburst-c2-infrastructure]]|
|2020.12.29|//RiskRecon//| → [[Data File of Entities Signaling to SolarWinds SUNBURST  C2 Infrastructure|https://www.riskrecon.com/analysis-of-sunburst-signaling-entities]]|
|2020.12.29|//Cloud Vector//|[[API vulnerabilities at the center of SolarWinds SUPERNOVA Malware|https://www.cloudvector.com/api-vulnerabilities-at-the-center-of-solarwinds-supernova-malware/]]|
|!|>|>||
|2020.12.28|//Microsoft//|![[Using Microsoft 365 Defender to protect against Solorigate|https://www.microsoft.com/security/blog/2020/12/28/using-microsoft-365-defender-to-coordinate-protection-against-solorigate/]] |
|2020.12.28|Dancho Danchez|[[Exposing the Solarwinds Malware Campaign - An OSINT Analysis|https://ddanchev.blogspot.com/2020/12/exposing-solarwinds-malware-campaign.html]]|
|2020.12.28|//Shift Left//|[[#Solorigate : A Month of Reckoning for SaaS software creators and consumers|https://blog.shiftleft.io/a-month-of-reckoning-for-saas-software-creators-and-consumers-da791a4189e9]]|
|2020.12.28|//Shift Left//|[[#Solorigate : SolarWinds SUNBRUST backdoor investigation using ShiftLeft's Code Property Graph|https://blog.shiftleft.io/solarwinds-sunbrust-backdoor-investigation-using-shiftlefts-code-property-graph-c7349ca65428]]|
|2020.12.28|//SOC Prime//|[[SUPERNOVA Backdoor: A Second APT Group Abused SolarWinds Flaw to Deploy Web Shell Malware|https://socprime.com/blog/supernova-backdoor-a-second-apt-group-abused-solarwinds-flaw-to-deploy-web-shell-malware/]]|
|>|>|>|!|
|2020.12.26|//Logrhythm//|[[How to Detect and Search for SolarWinds IOCs in LogRhythm|https://logrhythm.com/blog/how-to-detect-and-search-for-solarwinds-iocs-in-logrhythm/]]|
|>|>|>|!|
|20201.12.26|//Shift Left//|[[#Solorigate : SUNBURST SolarWinds BackDoor : Crime Scene Forensics and detection techniques|https://blog.shiftleft.io/sunburst-solarwinds-backdoor-crime-scene-forensics-part-2-continued-3bcd8361f055]]|
|>|>|>|!|
|2020.12.24|SolarWinds|![[Mitigate your Orion Platform environment from the risk of the SUPERNOVA vulnerability using a new PowerShell script|https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip]] (pdf à extraire) |
|2020.12.24|SwitHack|[[SolarWinds Supply-chain Compromises|https://gist.github.com/SwitHak/8b59e740b187511caad1bf06caa44df1]]|
|2020.12.24|//FireEye//|![[SUNBURST Additional Technical Details|https://www.fireeye.com/blog/threat-research/2020/12/sunburst-additional-technical-details.html]] |
|2020.12.24|//Zscaler//|[[The Hitchhiker's Guide to SolarWinds Incident Response|https://www.zscaler.com/blogs/security-research/hitchhikers-guide-solarwinds-incident-response]]|
|2020.12.24|//Cyfirma//|[[SOLARWINDS HACK – Sunburst, Supernova and more|https://www.cyfirma.com/solarwinds-hack-sunburst-supernova-and-more/]]|
|!|>|>||
|2020.12.23|//Sygnia//|![[Detection and Hunting of Golden SAML Attack|https://www.sygnia.co/golden-saml-advisory]] |
|2020.12.23|//Crowdstrike//|[[CrowdStrike Launches Free Tool to Identify and Help Mitigate Risks in Azure Active Directory|https://www.crowdstrike.com/blog/crowdstrike-launches-free-tool-to-identify-and-help-mitigate-risks-in-azure-active-directory/]]|
|2020.12.23|//Sentinel One//|[[SolarWinds - Understanding & Detecting the SUPERNOVA Webshell Trojan|https://labs.sentinelone.com/solarwinds-understanding-detecting-the-supernova-webshell-trojan/]]|
|2020.12.23|//Kaspersky//|[[How we protect our users against the Sunburst backdoor|https://securelist.com/how-we-protect-against-sunburst-backdoor/99959/]]|
|2020.12.23|//Palo Alto Networks//|![[A Timeline Perspective of the SolarStorm Supply-Chain Attack|https://unit42.paloaltonetworks.com/solarstorm-supply-chain-attack-timeline/]] |
|2020.12.23|//Ermetic//|![[Cloud infrastructure is not immune from the SolarWinds Orion breach|https://ermetic.com/whats-new/blog/cloud-infrastructure-is-not-immune-from-the-solarwinds-orion-breach/]] |
|2020.12.23|//KPMG//|[[SolarWinds Orion|https://advisory.kpmg.us/articles/2020/solarwinds-orion.html]] ([[avis|https://advisory.kpmg.us/content/dam/advisory/en/pdfs/2020/solarwinds-orion.pdf|]])|
|2020.12.23|//Kaspersky//|[[How we protect our users against the Sunburst backdoor|https://securelist.com/how-we-protect-against-sunburst-backdoor/99959/]]|
|2020.12.23|//Hunters.ai//|[[SUNBURST: How it Happened and How to Minimize the Risk of Future Nation-State Attacks|https://hunters.ai/blog/sunburst-how-it-happened-and-how-to-minimize-the-risk-of-future-nation-state-attacks/]]|
|2020.12.23|//Prevasio//|[[DNS Tunneling In The SolarWinds Supply Chain Attack|https://blog.prevasio.com/2020/12/dns-tunneling-in-solarwinds-supply.html]] |
|2020.12.23|//Recorded Future//|[[SolarWinds: What the Intelligence Tells Us |https://www.recordedfuture.com/solarwinds-attack-update/]]|
|!|>|>||
|2020.12.22|//Microsoft//|![[Azure AD workbook to help you assess Solorigate risk|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-ad-workbook-to-help-you-assess-solorigate-risk/ba-p/2010718]]|
|2020.12.22|MITRE ATT&CK|!^^[[Identifying UNC2452-Related Techniques for ATT&CK|https://medium.com/mitre-attack/identifying-unc2452-related-techniques-9f7b6c7f3714]] (obsolète)^^|
|2020.12.22|//Qualys//|[[Qualys Security Advisory: SolarWinds / FireEye|https://blog.qualys.com/qualys-insights/2020/12/22/qualys-security-advisory-solarwinds-fireeye]]|
|2020.12.22|//Infoblox//|[[SolarWinds and SUNBURST Update|https://blogs.infoblox.com/cyber-threat-intelligence/solarwinds-and-sunburst-update/]]|
|2020.12.22|//Checkpoint Software//|[[SUNBURST, TEARDROP and the NetSec New Normal|https://research.checkpoint.com/2020/sunburst-teardrop-and-the-netsec-new-normal/]]|
|2020.12.22|//Prevasio//|[[Sunburst Backdoor, Part III: DGA & Security Software|https://blog.prevasio.com/2020/12/sunburst-backdoor-part-iii-dga-security.html]]|
|!|>|>||
|2020.12.21|//Microsoft//|![[Understanding "Solorigate"'s Identity IOCs - for Identity Vendors and their customers|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610]] |
|2020.12.21|//Tripwire//|[[Continue Clean-up of Compromised SolarWinds Software|https://www.tripwire.com/state-of-security/security-data-protection/continue-clean-up-of-compromised-solarwinds-software/]]|
|2020.12.21|//Microsoft//|![[Advice for incident responders on recovery from systemic identity compromises |https://www.microsoft.com/security/blog/2020/12/21/advice-for-incident-responders-on-recovery-from-systemic-identity-compromises/]] |
|2020.12.21|//McAfee//|[[How A Device to Cloud Architecture Defends Against the SolarWinds Supply Chain Compromise|https://www.mcafee.com/blogs/other-blogs/mcafee-labs/how-a-device-to-cloud-architecture-defends-against-the-solarwinds-supply-chain-compromise/]]|
|2020.12.21|//CyberInt Research//|[[SolarWinds Supply Chain Attack|https://blog.cyberint.com/solarwinds-supply-chain-attack]]|
|2020.12.21|//Checkpoint Software//|![[Best Practice: Identifying And Mitigating The Impact Of Sunburst|https://blog.checkpoint.com/2020/12/21/best-practice-identifying-and-mitigating-the-impact-of-sunburst/]] |
|2020.12.21|//Carbon Black//|[[TAU Threat Analysis: Insights on the SolarWinds Breach|https://www.carbonblack.com/blog/tau-threat-analysis-insights-on-the-solarwinds-breach/]]|
|2020.12.21|//VMware//|[[https://www.vmware.com/company/news/updates/2020/vmware-statement-solarwinds-supply-chain-compromise.html|https://www.vmware.com/company/news/updates/2020/vmware-statement-solarwinds-supply-chain-compromise.html]]|
|>|>|>|!|
|2020.12.19|//VX-Underground//|//[[Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromis eMultiple Global Victims With SUNBURST Backdoor|https://vx-underground.org/samples/Exotic/DarkHalo/HighlyEvasiveAttackerLeveragesSolarWindsSupplyChaintoCompromiseMultipleGlobalVictimsWithSUNBURSTBackdoor.pdf]]// (pdf)|
|!|>|>||
|2020.12.18|//Cloudflare//|![[Trend data on the SolarWinds Orion compromise|https://blog.cloudflare.com/solarwinds-orion-compromise-trend-data/]] |
|2020.12.18|Krebs on Security|[[VMware Flaw a Vector in SolarWinds Breach?|https://krebsonsecurity.com/2020/12/vmware-flaw-a-vector-in-solarwinds-breach/]]|
|2020.12.18|Energy.gov|[[DOE Update on Cyber Incident Related to Solar Winds Compromise|https://www.energy.gov/articles/doe-update-cyber-incident-related-solar-winds-compromise]]|
|2020.12.18|//Tripwire//|[[VERT Alert: SolarWinds Supply Chain Attack|https://www.tripwire.com/state-of-security/vert/vert-alert-solar-winds-supply-chain-attack/]]|
|2020.12.18|//Sentinel One//|[[SolarWinds SUNBURST Backdoor: Inside the APT Campaign|https://labs.sentinelone.com/solarwinds-sunburst-backdoor-inside-the-stealthy-apt-campaign/]]|
|2020.12.18|//Kaspersky//|![[Sunburst: connecting the dots in the DNS requests|https://securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/]] |
|2020.12.18|//Palo Alto Networks//|[[Palo Alto Networks Rapid Response: Navigating the SolarStorm Attack|https://blog.paloaltonetworks.com/2020/12/solarwinds-statement-solarstorm/]]|
|2020.12.18|//Microsoft//|[[Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers|https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/]]|
|2020.12.18|//Cloudflare//|[[A quirk in the SUNBURST DGA algorithm|https://blog.cloudflare.com/a-quirk-in-the-sunburst-dga-algorithm/]]|
|2020.12.18|//Domain Tools//|[[Continuous Eruption: Further Analysis of the SolarWinds Supply Chain Incident|https://www.domaintools.com/resources/blog/continuous-eruption-further-analysis-of-the-solarwinds-supply-incident]]|
|2020.12.18|//Domain Tools//|Podcast [[70. Gone with the SolarWind|https://www.domaintools.com/resources/podcasts/70-gone-with-the-solarwind]]|
|2020.12.18|Pastebin|[[SolarWinds hacking DGA decoded|https://pastebin.com/f05i8B1Q]]|
|2020.12.18|Ntop|[[Efficiently Detecting and Blocking SunBurst Malware|https://www.ntop.org/ndpi/efficiently-detecting-and-blocking-sunburst-malware/]]|
|2020.12.18|//Qianxin//|[[First Disclosure of Target:Domain Name Generation Algorithm of SolarWinds Supply Chain Attack can be Cracked|https://ti.qianxin.com/blog/articles/First-Disclosure-of-Target:Domain-Name-Generation-Algorithm-of-SolarWinds-Supply-Chain-Attack-can-be-Cracked/]]|
|!|>|>||
|2020.12.17|//Prevasio//|![[Sunburst Backdoor, Part II: DGA & The List of Victims|https://blog.prevasio.com/2020/12/sunburst-backdoor-part-ii-dga-list-of.html]] |
|2020.12.17|//Palo Alto Networks//|[[SUPERNOVA: A Novel .NET Webshell|https://unit42.paloaltonetworks.com/solarstorm-supernova/]]|
|2020.12.17|//Microsoft//|[[A moment of reckoning: the need for a strong and global cybersecurity response|https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/]]|
|2020.12.17|//McAfee//|[[Additional Analysis into the SUNBURST Backdoor|https://www.mcafee.com/blogs/other-blogs/mcafee-labs/additional-analysis-into-the-sunburst-backdoor/]]|
|2020.12.17|//TrustedSec//|![[SolarWinds Backdoor (Sunburst) Incident Response Playbook|https://www.trustedsec.com/blog/solarwinds-backdoor-sunburst-incident-response-playbook/]] |
|2020.12.17|//CipherCloud//|[[Mitigating Cloud Supply-chain Risk: Office 365 and Azure Exploited in Massive U.S. Government Hack|https://www.ciphercloud.com/mitigating-cloud-supply-chain-risk-office-365-and-azure-exploited-in-massive-u-s-government-hack/]]|
|2020.12.17|//NetreseC//|![[Reassembling Victim Domain Fragments from SUNBURST DNS|https://www.netresec.com/?page=Blog&month=2020-12&post=Reassembling-Victim-Domain-Fragments-from-SUNBURST-DNS]] |
|2020.12.17|//Anomali//|[[FireEye, SolarWinds Hacks Show that Detection is Key to Solid Defense|https://www.anomali.com/blog/fireeye-solarwinds-hacks-show-that-detection-is-key-to-solid-defense]]|
|!|>|>||
|2020.12.16|Krebs on Security|[[Malicious Domain in SolarWinds Hack Turned into 'Killswitch'|https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/]]|
|2020.12.16|//Volexity//|![[Responding to the SolarWinds Breach: Detect, Prevent, and Remediate the Dark Halo Supply Chain Attack|https://www.volexity.com/blog/2020/12/16/responding-to-the-solarwinds-breach/]] |
|2020.12.16|//Security Intelligence//|[[Update on Widespread Supply-Chain Compromise|https://securityintelligence.com/posts/update-widespread-supply-chain-compromise/]]|
|2020.12.16|//Reversing Labs//|[[SunBurst: the next level of stealth|https://blog.reversinglabs.com/blog/sunburst-the-next-level-of-stealth]]|
|2020.12.16|//Prevailion//|[[Cybersecurity Solarwinds Activity|https://www.linkedin.com/posts/karimhijazi_prevailionknows-cybersecurity-solarwinds-activity-6744862284868390912-BUb1/]]|
|2020.12.16|//McAfee//|[[SUNBURST Malware and SolarWinds Supply Chain Compromise|https://www.mcafee.com/blogs/other-blogs/mcafee-labs/sunburst-malware-and-solarwinds-supply-chain-compromise/]]|
|2020.12.16|//Deep Instinct//|[[Sunburst Trojan: What You Need to Know|https://www.deepinstinct.com/2020/12/16/sunburst-trojan-what-you-need-to-know/]]|
|2020.12.16|//Intsights//|[[The FireEye Breach and the SolarWinds Supply Chain Compromise Campaign|https://intsights.com/blog/the-fireeye-breach-and-the-solarwinds-supply-chain-compromise-campaign]]|
|2020.12.16|//Krypt3ia//|[[Supply Chain Attacks and Nation State Pwnage: A Primer|https://krypt3ia.wordpress.com/2020/12/16/supply-chain-attacks-and-nation-state-pwnage-a-primer/]]|
|!|>|>||
|2020.12.15|Mubix "Rob" Fuller|![[SolarFlare Release: Password Dumper for SolarWinds Orion|https://malicious.link/post/2020/solarflare-release-password-dumper-for-solarwinds-orion/]]|
|2020.12.15|Bruce Schneier|[[How the SolarWinds Hackers Bypassed Duo's Multi-Factor Authentication|https://www.schneier.com/blog/archives/2020/12/how-the-solarwinds-hackers-bypassed-duo-multi-factor-authentication.html]]|
|2020.12.15|//Microsoft//|[[Ensuring customers are protected from Solorigate|https://www.microsoft.com/security/blog/2020/12/15/ensuring-customers-are-protected-from-solorigate/]]|
|2020.12.15|//Symantec//|[[Sunburst: Supply Chain Attack Targets SolarWinds Users|https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/sunburst-supply-chain-attack-solarwinds]]|
|2020.12.15|//SonicWall//|[[Massive Supply-Chain Attack Targets SolarWinds Orion Platform |https://blog.sonicwall.com/en-us/2020/12/massive-supply-chain-attack-targets-solarwinds-orion-platform/]]|
|2020.12.15|//Prevasio//|[[Sunburst Backdoor: A Deeper Look Into The SolarWinds' Supply Chain Malware |https://blog.prevasio.com/2020/12/sunburst-backdoor-deeper-look-into.html]]|
|2020.12.15|//Picus Security//|[[Tactics, Techniques, and Procedures (TTPs) Used in the SolarWinds Breach|https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach]]|
|2020.12.15|//SecureWorks//|[[Secureworks' Response to Recent Nation-State Cyberattacks|https://www.secureworks.com/blog/secureworks-response-to-recent-nation-state-cyberattacks]]|
|2020.12.15|//GuidePoint//|[[SUPERNOVA SolarWinds .NET Webshell Analysis|https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/]]|
|!|>|>||
|2020.12.14|SANS Handlers Diary|[[SolarWinds Breach Used to Infiltrate Customer Networks (Solarigate)|https://isc.sans.edu/diary/rss/26884]]|
|2020.12.14|Krebs on Security|[[U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise|https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/]]|
|2020.12.14|Krebs on Security|[[SolarWinds Hack Could Affect 18K Customers|https://krebsonsecurity.com/2020/12/solarwinds-hack-could-affect-18k-customers/]]|
|2020.12.14|//Volexity//|![[Dark Halo Leverages SolarWinds Compromise to Breach Organizations|https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/]]|
|2020.12.14|//Solarwinds//|[[Solarwinds Corporation report to SEC|https://d18rn0p25nwr6d.cloudfront.net/CIK-0001739942/57108215-4458-4dd8-a5bf-55bd5e34d451.pdf]]|
|2020.12.14|//RiskIQ//|[[SolarWinds Orion Hack: Know if You're Affected and Defend Your Attack Surface|https://www.riskiq.com/blog/external-threat-management/solarwinds-orion-hack/]]|
|2020.12.14|//Palo Alto Networks//|[[Threat Brief: SolarStorm and SUNBURST Customer Coverage|https://unit42.paloaltonetworks.com/fireeye-solarstorm-sunburst/]]|
|2020.12.14|//Malware Bytes//|[[SolarWinds advanced cyberattack: What happened and what to do now|https://blog.malwarebytes.com/threat-analysis/2020/12/advanced-cyber-attack-hits-private-and-public-sector-via-supply-chain-software-update/]]|
|2020.12.14|//SOC Prime//|[[Sunburst Backdoor Detection: Solarwinds Supply Chain Attack on FireEye and US Agencies|https://socprime.com/blog/sunburst-backdoor-detection-solarwinds-supply-chain-attack-on-fireeye-and-us-agencies/]]|
|2020.12.14|//Cisco//|[[Threat Advisory: SolarWinds supply chain attack|https://blog.talosintelligence.com/2020/12/solarwinds-supplychain-coverage.html]]|
|2020.12.14|//Cisco//|[[SolarWinds Orion Platform Supply Chain Attack|https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-solarwinds-supply-chain-attack]]|
|2020.12.14|//Cisco//|[[FireEye Breach Detection Guidance|https://blog.talosintelligence.com/2020/12/fireeye-breach-guidance.html]]|
|2020.12.14|//Tenable//|![[Solorigate: SolarWinds Orion Platform Contained a Backdoor Since March 2020 (SUNBURST)|https://www.tenable.com/blog/solorigate-solarwinds-orion-platform-contained-a-backdoor-since-march-2020-sunburst]]|
|2020.12.14|//Cado Security//|[[Responding to Solarigate|https://www.cadosecurity.com/post/responding-to-solarigate]]|
|2020.12.14|//Symantec//|[[Sunburst: Supply Chain Attack Targets SolarWinds Users|https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/sunburst-supply-chain-attack-solarwinds]]|
|2020.12.14|//Domain Tools//|[[Unraveling Network Infrastructure Linked to the SolarWinds Hack|https://www.domaintools.com/resources/blog/unraveling-network-infrastructure-linked-to-the-solarwinds-hack]]|
|2020.12.14|//True Sec//|![[SolarWinds Orion and UNC2452 – Summary and Recommendations|https://www.trustedsec.com/blog/solarwinds-orion-and-unc2452-summary-and-recommendations/]] |
|2020.12.14|//Splunk//|[[Using Splunk to Detect Sunburst Backdoor|https://www.splunk.com/en_us/blog/security/sunburst-backdoor-detections-in-splunk.html]]|
|2020.12.14|//Zero Day Initiative//|[[ZDI-21-063 SolarWinds Network Performance Monitor ExecuteExternalProgram Command Injection Remote Code Execution Vulnerability (CVE-2020-14005)|https://www.zerodayinitiative.com/advisories/ZDI-21-063/]]|
|2020.12.14|//Zero Day Initiative//|[[ZDI-21-064 SolarWinds Network Performance Monitor WriteToFile SQL Injection Privilege Escalation Vulnerability (CVE-2020-27869)|https://www.zerodayinitiative.com/advisories/ZDI-21-064/]]|
|2020.12.14|//Zero Day Initiative//|[[ZDI-21-065 SolarWinds Network Performance Monitor ExecuteVBScript Command Injection Remote Code Execution Vulnerability (CVE-2020-14005)|https://www.zerodayinitiative.com/advisories/ZDI-21-065/]]|
|2020.12.14|//Zero Day Initiative//|[[ZDI-21-066 SolarWinds Network Performance Monitor ExportToPDF Directory Traversal Information Disclosure Vulnerability (CVE-2020-27870)|https://www.zerodayinitiative.com/advisories/ZDI-21-066/]]|
|2020.12.14|//Zero Day Initiative//|[[ZDI-21-067 SolarWinds Network Performance Monitor VulnerabilitySettings Directory Traversal Arbitrary File Creation Vulnerability (CVE-2020-27871)|https://www.zerodayinitiative.com/advisories/ZDI-21-067/]]|
|2020.12.14|//Zero Day Initiative//|[[ZDI-21-06  (CVE-2020-	)|https://www.zerodayinitiative.com/advisories/ZDI-21-06/]]|
|>|>|>|!|
|2020.12.13|//TrueSec//|[[The SolarWinds Orion SUNBURST supply-chain Attack|https://blog.truesec.com/2020/12/17/the-solarwinds-orion-sunburst-supply-chain-attack/]]|
|2020.12.13|//SolarWinds//|[[SolarWinds Security Advisory|https://www.solarwinds.com/securityadvisory]] (obsolète)|
|2020.12.13|//Microsoft//|![[Important steps for customers to protect themselves from recent nation-state cyberattacks|http://blogs.microsoft.com/on-the-issues/2020/12/13/customers-protect-nation-state-cyberattacks/]] |
|2020.12.13|//Microsoft//|![[Customer Guidance on Recent Nation-State Cyber Attacks|https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/]] |
|2020.12.13|//Microsoft//|[[Trojan:MSIL/Solorigate.B!dha|https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:MSIL/Solorigate.B!dha]]|
|2020.12.13|//FireEye//|[[Global Intrusion Campaign Leverages Software Supply Chain Compromise|https://www.fireeye.com/blog/products-and-services/2020/12/global-intrusion-campaign-leverages-software-supply-chain-compromise.html]]|
|2020.12.13|//FireEye//|[[FireEye Mandiant SunBurst Countermeasures|https://github.com/fireeye/sunburst_countermeasures]] (Snort, Yara, IOC, ClamAV)|
|!|>|>||
|2020.12.12|//FireEye//|[[Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor|https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html]]|
|!|>|>||
|2020.12.11|//Picus Security//|[[It is Time to Take Action - How to Defend Against FireEye's Red Team Tools|https://www.picussecurity.com/resource/blog/how-to-defend-against-fireeye-s-red-team-tools]]|
|!|>|>||
|2020.12.10|//Picus Security//|[[Tactics, Techniques and Procedures (TTPs) Utilized by FireEye's Red Team Tools|https://www.picussecurity.com/resource/blog/techniques-tactics-procedures-utilized-by-fireeye-red-team-tools]]|
|2020.12.10|//SOC Prime//|[[FireEye Breach: Leaked Red Team Toolkit Detection|https://socprime.com/blog/fireeye-breach-leaked-red-team-toolkit-detection/]]|
|2020.12.10|//Malware Bytes//|[[Malwarebytes detects leaked tools from FireEye breach|https://blog.malwarebytes.com/malwarebytes-news/2020/12/malwarebytes-detects-leaked-tools-from-fireeye-breach/]]|
|2020.12.10|//Intsights//|[[Flash Alert: FireEye Breach|https://intsights.com/blog/flash-alert-fireeye-breach]]|
|!|>|>||
|2020.12.08|//FireEye//|![[FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community|https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html]] |
|2020.12.08|//FireEye//|![[Unauthorized Access of FireEye Red Team Tools|https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html]] |
|>|>|>|!|
|2017.11.27|//CyberArk//|![[Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps|https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps]] |
|2017.05.03|//Palo Alto Network//|[[Kazuar: Multiplatform Espionage Backdoor with API Access|https://unit42.paloaltonetworks.com/unit42-kazuar-multiplatform-espionage-backdoor-api-access/]]|
|2016.01.14|//Symantec//|[[The Waterbug attack group|https://docs.broadcom.com/doc/waterbug-attack-group]]|
!Sources secondaires / Secondary sources
|>|>|>|bgcolor:#F5DF4D;Ce fond indique des mises à jour ''pertinentes'' du tableau depuis la semaine dernière |
|!Dates|!Sources|!Titres et Liens|
|>|>|>||
|bgcolor:#F5DF4D;2021.02.19|//Risk Recon//|[[How the World Responded to SolarWinds Orion - Part 2|https://blog.riskrecon.com/how-the-world-responded-to-solarwinds-orion-a-view-from-the-internet-part-2]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.02.18|Bleeping Computer|[[Microsoft: SolarWinds hackers downloaded some Azure, Exchange source code|https://www.bleepingcomputer.com/news/microsoft/microsoft-solarwinds-hackers-downloaded-some-azure-exchange-source-code/]]|
|bgcolor:#F5DF4D;2021.02.18|JiPé|![[Incidents MindMaps / SOLORIGATE_SUNBURST|https://github.com/jipegit/IncidentsMindMaps/tree/main/SOLORIGATE_SUNBURST]] ([[image|https://github.com/jipegit/IncidentsMindMaps/raw/main/SOLORIGATE_SUNBURST/SOLORIGATE_SUNBURST.png]]) |
|bgcolor:#F5DF4D;2021.02.18|Dark Reading|[[Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy|https://www.darkreading.com/vulnerabilities---threats/hiding-in-plain-sight-what-the-solarwinds-attack-revealed-about-efficacy/a/d-id/1340140]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.02.16|//Akamai//|[[SolarWinds Hack and the Case of DNS Security|http://feedproxy.google.com/~r/TheAkamaiBlog/~3/NYBTmg4HS00/solarwinds-hack-and-the-case-of-dns-security.html]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.02.12|//Risk Recon//|[[How the World Responded to SolarWinds Orion – Part 1|https://blog.riskrecon.com/how-the-world-responded-to-solarwinds-orion-a-view-from-the-internet-part-1]]|
|bgcolor:#F5DF4D;2021.02.12|//Thinkst//|[[On SolarWinds, Supply Chains and Enterprise Networks|https://blog.thinkst.com/2021/02/on-solarwinds-supply-chains-and_12.html]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.02.10|//Infoblox//|[[TEARDROP Malware|https://blogs.infoblox.com/cyber-threat-intelligence/teardrop-malware/]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.02.09|//trustwave//|[[Discussing the SolarWinds Discovery|https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/discussing-the-solarwinds-discovery/]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.02.05|Security Week|[[Microsoft Says Its Services Not Used as Entry Point by SolarWinds Hackers|https://www.securityweek.com/microsoft-says-its-services-not-used-entry-point-solarwinds-hackers]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.02.03|Bleeping Computer|[[SolarWinds patches critical vulnerabilities in the Orion platform|https://www.bleepingcomputer.com/news/security/solarwinds-patches-critical-vulnerabilities-in-the-orion-platform/]]|
|bgcolor:#F5DF4D;2021.02.03|MSSP Alert|[[SolarWinds Patches 3 Vulnerabilities Discovered by MSSP Trustwave, SpiderLabs|https://www.msspalert.com/cybersecurity-news/solarwinds-patches-three-vulnerabilities/]]|
|bgcolor:#F5DF4D;2021.02.03|Security Week|[[China-Linked Hackers Exploited SolarWinds Flaw in U.S. Government Attack: Report|https://www.securityweek.com/china-linked-hackers-exploited-solarwinds-flaw-us-government-attack-report]]|
|bgcolor:#F5DF4D;2021.02.03|Security Week|[[SolarWinds Product Vulnerabilities Allow Hackers to Take Full Control of Systems|https://www.securityweek.com/solarwinds-product-vulnerabilities-allow-hackers-take-full-control-systems]]|
|bgcolor:#F5DF4D;2021.02.03|Dark Reading|[[SolarWinds Attackers Spent Months in Corporate Email System: Report|https://www.darkreading.com/perimeter/solarwinds-attackers-spent-months-in-corporate-email-system-report/d/d-id/1340047]]|
|bgcolor:#F5DF4D;2021.02.03|//Threatpost//|[[Second SolarWinds Attack Group Breaks into USDA Payroll|https://threatpost.com/second-solarwinds-attack-group-usda-payroll/163635/
|bgcolor:#F5DF4D;2021.02.03|//Threatpost//|[[SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover|https://threatpost.com/solarwinds-orion-bug-remote-code-execution/163618/]]|
|bgcolor:#F5DF4D;2021.02.03|//Infocyte//|[[Responding to Microsoft 365 Attacks|https://www.infocyte.com/blog/2021/02/03/responding-to-microsoft-365-attacks/]]|
|bgcolor:#F5DF4D;2021.02.03|Bruce Schneier|[[More SolarWinds News|https://www.schneier.com/blog/archives/2021/02/more-solarwinds-news.html]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.02.01|No Limit Sécu|[[Solarwinds, illustration d’une attaque de type "supply chain"|https://www.nolimitsecu.fr/solarwinds/]] ([[podcast|https://www.nolimitsecu.fr/wp-content/uploads/NoLimitSecu-305-SolarWinds.mp3]])|
|bgcolor:#F5DF4D;2021.02.01|Security Week|[[CISA Says Many Victims of SolarWinds Hackers Had No Direct Link to SolarWinds|https://www.securityweek.com/cisa-says-many-victims-solarwinds-hackers-had-no-direct-link-solarwinds]]|
|>|>|>||
|2021.01.31|NoLimitSécu[>img[iCSF/flag_fr.png]]|[[Episode #305 : Solarwinds, illustration d’une attaque de type "supply chain"|https://www.nolimitsecu.fr/solarwinds/]] ([[podcast|https://www.nolimitsecu.fr/wp-content/uploads/NoLimitSecu-305-SolarWinds.mp3]])|
|>|>|>||
|2021.01.30|Ars Technica|[[30% of "SolarWinds hack" victims didn’t actually use SolarWinds|https://arstechnica.com/information-technology/2021/01/30-of-solarwinds-hack-victims-didnt-actually-use-solarwinds/]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.01.29|//Hashed Out//|![[https://www.thesslstore.com/blog/all-you-need-to-know-about-the-solarwinds-hack/
|bgcolor:#F5DF4D;2021.01.29|//Talos / Cisco//|[[Talos Takes Ep. #39: SolarWinds' implications for IoT and OT|https://blog.talosintelligence.com/2021/01/talos-takes-ep-39-solarwinds.html]] ([[podcast|https://talos-intelligence-site.s3.amazonaws.com/production/podcast_files/Talos%20Takes%20Ep.%20%2340%3A%20Lessons%20learned%20from%20our%20conversations%20with%20a%20ransomware%20operator/1612537053/TTEP40LockBitInterview.mp3]])|
|2021.01.29|//Aon//|[[Cloudy with a Chance of Persistent Email Access|https://www.aon.com/cyber-solutions/aon_cyber_labs/cloudy-with-a-chance-of-persistent-email-access/]]|
|>|>|>||
|2021.01.28|//Threatpost//|[[Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowball|https://threatpost.com/mimecast-solarwinds-hack-security-vendor-victims/163431/]]|
|>|>|>||
|2021.01.27|Security Week|[[Hundreds of Industrial Organizations Received Sunburst Malware in SolarWinds Attack|https://www.securityweek.com/hundreds-industrial-organizations-received-sunburst-malware-solarwinds-attack]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.01.26|//Forcepoint//|[[Inside the Mind of the #Sunburst Adversary - Ep. 117|https://www.forcepoint.com/resources/podcasts/inside-mind-sunburst-adversary-ep-117]]|
|bgcolor:#F5DF4D;2021.01.26|Bleeping Computer|[[Mimecast links security breach to SolarWinds hackers|https://www.bleepingcomputer.com/news/security/mimecast-links-security-breach-to-solarwinds-hackers/]]|
|2021.01.26|Dark Reading|[[Mimecast: Recent Certificate Compromise Tied to SolarWinds Attacks|https://www.darkreading.com/application-security/mimecast-recent-certificate-compromise-tied-to-solarwinds-attacks/d/d-id/1339984]]|
|>|>|>||
|2021.01.23|//TrapX//|[[Lessons from the solarwinds breach: there is nothing new under the sun?|https://www.trapx.com/lessons-from-the-solarwinds-breach-there-is-nothing-new-under-the-sun/]]
|>|>|>||
|2021.01.22|GBHackers on Security|[[Microsoft Research Reveals SolarWinds Hackers Stealthily Evaded Detection|https://gbhackers.com/solarwinds-attack-chain/]]|
|>|>|>||
|2021.01.21|Robinson+Cole|[[SolarWinds Insured Losses Estimated at $90 Million|https://www.dataprivacyandsecurityinsider.com/2021/01/solarwinds-insured-losses-estimated-at-90-million/]]|
|2021.01.21|Security Week|[[Microsoft Details OPSEC, Anti-Forensic Techniques Used by SolarWinds Hackers|https://www.securityweek.com/microsoft-details-opsec-anti-forensic-techniques-used-solarwinds-hackers]]|
|>|>|>||
|2021.01.20|Bleeping Computer|[[Microsoft shares how SolarWinds hackers evaded detection|https://www.bleepingcomputer.com/news/security/microsoft-shares-how-solarwinds-hackers-evaded-detection/]]|
|2021.01.20|Dark Reading|[[Microsoft Releases New Info on SolarWinds Attack Chain|https://www.darkreading.com/attacks-breaches/microsoft-releases-new-info-on-solarwinds-attack-chain/d/d-id/1339940]]|
|2021.01.20|//Threatpost//|[[Malwarebytes Hit by SolarWinds Attackers|https://threatpost.com/malwarebytes-solarwinds-attackers/163190/]]|
|>|>|>||
|2021.01.19|Bleeping Computer|![[SolarWinds hackers used 7-Zip code to hide Raindrop Cobalt Strike loader|https://www.bleepingcomputer.com/news/security/solarwinds-hackers-used-7-zip-code-to-hide-raindrop-cobalt-strike-loader/]] |
|2021.01.19|Bleeping Computer|[[Malwarebytes says SolarWinds hackers accessed its internal emails|https://www.bleepingcomputer.com/news/security/malwarebytes-says-solarwinds-hackers-accessed-its-internal-emails/]]|
|2021.01.19|Dark Reading|[[SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics|https://www.darkreading.com/threat-intelligence/solarwinds-attack-underscores-new-dimension-in-cyber-espionage-tactics/d/d-id/1339928]]|
|2021.01.19|Security Week|[[FireEye Releases New Open Source Tool in Response to SolarWinds Hack|https://www.securityweek.com/fireeye-releases-new-open-source-tool-response-solarwinds-hack]]|
|2021.01.19|Security Week|[[SolarWinds Hackers Used 'Raindrop' Malware for Lateral Movement|https://www.securityweek.com/solarwinds-hackers-used-raindrop-malware-lateral-movement]]|
|2021.01.19|//Threatpost//|[[SolarWinds Malware Arsenal Widens with Raindrop|https://threatpost.com/solarwinds-malware-arsenal-raindrop/163153/]]|
|>|>|>||
|2021.01.18|//Zscaler//|[[Supply Chain Attacks|https://www.zscaler.com/blogs/product-insights/supply-chain-attack]]|
|2021.01.18|//Digital Shadows//|Podcast '[[ShadowTalk Update: Sunburst, Sunspot, and more on SolarWinds!|https://www.digitalshadows.com/blog-and-research/shadowtalk-update-sunburst-sunspot-and-more-on-solarwinds/]]'|
|>|>|>||
|2021.01.17|//WhoisXML API//|![[Cyber Threat Intel Analysis and Expansion of SolarWinds Identified IoCs|http://www.circleid.com/posts/20210117-cyberthreat-intel-analysis-expansion-of-solarwinds-identified-iocs/]] |
|>|>|>||
|2021.01.13|Dark Reading|[[SolarWinds Attackers May Have Hit Mimecast, Driving New Concerns|https://www.darkreading.com/threat-intelligence/solarwinds-attackers-may-have-hit-mimecast-driving-new-concerns/d/d-id/1339895]]|
|>|>|>||
|2021.01.12|Wall Street Journal|[[SolarWinds Hackers' Attack on Email Security Company Raises New Red Flags|https://www.wsj.com/articles/solarwinds-hackers-attack-on-email-security-company-raises-new-red-flags-11610510375]]|
|2021.01.12|Bleeping Computer|![[New Sunspot malware found while investigating SolarWinds hack|https://www.bleepingcomputer.com/news/security/new-sunspot-malware-found-while-investigating-solarwinds-hack/]] |
|2021.01.12|Bleeping Computer|![[SolarLeaks site claims to sell data stolen in SolarWinds attacks|https://www.bleepingcomputer.com/news/security/solarleaks-site-claims-to-sell-data-stolen-in-solarwinds-attacks/]] |
|2021.01.12|Dark Reading|[[More SolarWinds Attack Details Emerge|https://www.darkreading.com/threat-intelligence/more-solarwinds-attack-details-emerge/d/d-id/1339885]]|
|bgcolor:#F5DF4D;2021.01.12|GBHackers on Security|[[SolarWinds Hack – Multiple Similarities Found Between Sunburst Backdoor and Turla's Backdoor|https://gbhackers.com/solarwinds-backdoor-similarities/]]|
|2021.01.11|Security Week|[[Kaspersky Connects SolarWinds Attack Code to Known Russian APT Group|https://www.securityweek.com/malware-used-solarwinds-attack-linked-backdoor-attributed-turla-cyberspies]]|
|2021.01.11|Secplicity|[[The Hack of the Decade|https://www.secplicity.org/2021/01/11/the-hack-of-the-decade/]] ([[podcast|https://media.blubrry.com/the_443/content.blubrry.com/the_443/The_443-131-The_Hack_of_the_Decade.mp3]])|
|>|>|>||
|2021.01.07|Dark Reading|![[FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack|https://www.darkreading.com/threat-intelligence/fireeyes-mandia-severity-zero-alert-led-to-discovery-of-solarwinds-attack/d/d-id/1339851]] |
|2021.01.07|Dark Reading|[[DoJ's Microsoft 365 Email Accounts Compromised in SolarWinds Attacks|Investigation Launched Into Role of JetBrains Product in SolarWinds Hack: Reportssed-in-solarwinds-attacks/d/d-id/1339842]]|
|2021.01.06|Bruce Schneier|[[Russia's SolarWinds Attack and Software Security|https://www.schneier.com/blog/archives/2021/01/russias-solarwinds-attack-and-software-security.html]]|
|2021.01.05|Bruce Schneier|[[Latest on the SVR's SolarWinds Hack|https://www.schneier.com/blog/archives/2021/01/latest-on-the-svrs-solarwinds-hack.html]]|
|>|>|>||
|2020.12.31|Bleeping Computer|[[Microsoft: SolarWinds hackers accessed our source code|https://www.bleepingcomputer.com/news/security/microsoft-solarwinds-hackers-accessed-our-source-code/]]|
|2020.12.31|Dark Reading|[[Microsoft Reveals That Russian Attackers Accessed Some of Its Source Code|https://www.darkreading.com/attacks-breaches/microsoft-reveals-that-russian-attackers-accessed-some-of-its-source-code/d/d-id/1339816]]|
|>|>|>||
|2020.12.30|01 Net[>img[iCSF/flag_fr.png]]|[[SolarWinds : le mystère du hack de l'année élucidé par Microsoft ?|https://www.01net.com/actualites/solarwinds-le-mystere-du-hack-de-l-annee-elucide-par-microsoft-2026032.html]]|
|2020.12.30|GBHackers on Security|[[SolarWinds Hackers Aimed to Access Victim Cloud Assets after deploying the Solorigate Backdoor|https://gbhackers.com/solarsinds-targets-cloud-assets/]]|
|2020.12.30|Bleeping Computer|[[DHS orders federal agencies to update SolarWinds Orion platform|https://www.bleepingcomputer.com/news/security/dhs-orders-federal-agencies-to-update-solarwinds-orion-platform/]]|
|2020.12.30|Security Week|[[Shields Up: How to Tackle Supply Chain Risk Hazards|https://www.securityweek.com/shields-how-tackle-supply-chain-risk-hazards]]|
|>|>|>||
|2020.12.29|Bleeping Computer|[[Microsoft: SolarWinds hackers' goal was the victims' cloud data|https://www.bleepingcomputer.com/news/security/microsoft-solarwinds-hackers-goal-was-the-victims-cloud-data/]]|
|>|>|>||
|2020.12.28|Bleeping Computer|[[CISA releases Azure, Microsoft 365 malicious activity detection tool|https://www.bleepingcomputer.com/news/security/cisa-releases-azure-microsoft-365-malicious-activity-detection-tool/]]|
|>|>|>|!|
|2020.12.27|Forbes|[[Dissecting The SolarWinds Hack For Greater Insights With A Cybersecurity Evangelist|https://www.forbes.com/sites/louiscolumbus/2021/12/27/dissecting-the-solarwinds-hack-for-greater-insights-with-a-cybersecurity-evangelist/]]|
|>|>|>||
|2020.12.26|Bleeping Computer|[[SolarWinds releases updated advisory for new SUPERNOVA malware|https://www.bleepingcomputer.com/news/security/solarwinds-releases-updated-advisory-for-new-supernova-malware/]]|
|2020.12.26|Bleeping Computer|[[VMware latest to confirm breach in SolarWinds hacking campaign|https://www.bleepingcomputer.com/news/security/vmware-latest-to-confirm-breach-in-solarwinds-hacking-campaign/]]|
|>|>|>||
|2020.12.25|Washington Post|[[Russian hackers compromised Microsoft cloud customers through third party, putting emails and other data at risk|https://www.washingtonpost.com/national-security/russia-hack-microsoft-cloud/2020/12/24/dbfaa9c6-4590-11eb-975c-d17b8815a66d_story.html]]|
|2020.12.25|Reuters|[[Suspected Russian hackers used Microsoft vendors to breach customers|https://reuters.com/article/us-global-cyber-usa/suspected-russian-hackers-made-failed-attempt-to-breach-crowdstrike-company-says-idUSKBN28Y1BF]]|
|2020.12.25|Bleeping Computer|[[CrowdStrike releases free Azure security tool after failed hack|https://www.bleepingcomputer.com/news/security/crowdstrike-releases-free-azure-security-tool-after-failed-hack/]]|
|2020.12.25|Security Boulevard|[[SUNBURST SolarWinds BackDoor : Crime Scene Forensics Part 2 (continued)|https://securityboulevard.com/2020/12/sunburst-solarwinds-backdoor-crime-scene-forensics-part-2-continued/]]|
|>|>|>||
|2020.12.24|The Hill|[[Hackers accessed Microsoft cloud customers' information through third party: report|https://thehill.com/policy/technology/531649-hackers-accessed-microsoft-cloud-customers-information-through-third-party]]|
|2020.12.24|Reuters|[[U.S. cyber agency says SolarWinds hackers are 'impacting' state, local governments|https://www.reuters.com/article/us-global-cyber-usa/u-s-cyber-agency-says-solarwinds-hackers-are-impacting-state-local-governments-idUSKBN28Y09L]]|
|2020.12.24|Reuters|[[Suspected Russian hackers used Microsoft vendors to breach customers|https://www.reuters.com/article/us-global-cyber-usa-idUSKBN28Y1BF]]|
|2020.12.24|The Intercept|[[SolarWinds Hack Infected Critical Infrastructure, Including Power Industry|https://theintercept.com/2020/12/24/solarwinds-hack-power-infrastructure/]]|
|>|>|>||
|2020.12.23|Security Week|[[Millions of Devices Affected by Vulnerabilities Used in Stolen FireEye Tools|https://www.securityweek.com/millions-devices-affected-vulnerabilities-used-stolen-fireeye-tools]]|
|2020.12.23|Bleeping Computer|[[UK privacy watchdog warns SolarWinds victims to report data breaches|https://www.bleepingcomputer.com/news/security/uk-privacy-watchdog-warns-solarwinds-victims-to-report-data-breaches/]]|
|2020.12.23|//Security Risk Advisors//|[[SolarWinds Breach: How do we stop this from happening again?|https://sra.io/blog/solarwinds-breach-how-do-we-stop-this-from-happening-again/]]|
|2020.12.23|//XM Cyber//|[[Here's How the Recent SolarWinds Supply Chain Attack Could Be Easily Stopped|https://www.xmcyber.com/heres-how-the-recent-solarwinds-supply-chain-attack-could-be-easily-stopped/]]|
|2020.12.23|GeekWire|[[How the SolarWinds hackers are targeting cloud services in unprecedented cyberattack|https://www.geekwire.com/2020/solarwinds-hackers-targeting-cloud-services-unprecedented-cyberattack/]]|
|>|>|>||
|2020.12.22|//McAfee//|[[How A Device to Cloud Architecture Defends Against the SolarWinds Supply Chain Compromise|https://www.mcafee.com/blogs/other-blogs/mcafee-labs/how-a-device-to-cloud-architecture-defends-against-the-solarwinds-supply-chain-compromise/]]|
|2020.12.22|Reuters|[['Dozens of email accounts' were hacked at U.S. Treasury -Senator Wyden|https://www.reuters.com/article/us-global-cyber/u-s-treasury-confirms-solarwinds-hack-as-more-officials-blame-russia-idUSKBN28V2DX]]|
|2020.12.22|Hack Read|[[The ongoing investigation into the SolarWinds supply chain cyberattack indicates the involvement of another APT group|https://www.hackread.com/two-groups-breached-solarwinds-orion-software-microsoft/]]|
|2020.12.22|Dark Reading|[[SolarWinds Campaign Focuses Attention on 'Golden SAML' Attack Vector|https://www.darkreading.com/attacks-breaches/solarwinds-campaign-focuses-attention-on-golden-saml-attack-vector/d/d-id/1339794]]|
|2020.12.22|Bleeping Computer|[[SolarWinds victims revealed after cracking the Sunburst malware DGA|https://www.bleepingcomputer.com/news/security/solarwinds-victims-revealed-after-cracking-the-sunburst-malware-dga/]]|
|2020.12.22|Bleeping Computer|[[SolarWinds hackers breached US Treasury officials' email accounts|https://www.bleepingcomputer.com/news/security/solarwinds-hackers-breached-us-treasury-officials-email-accounts/]]|
|2020.12.22|GBHakers on Security|[[NSA Warns of Cloud Attacks on Authentication Mechanisms|https://gbhackers.com/nsa-warns-of-cloud-attacks/]]|
|>|>|>||
|2020.12.21|The Register|[[Well, on the bright side, the SolarWinds Sunburst attack will spur the cybersecurity field to evolve all over again|https://www.theregister.com/2020/12/21/solarwinds_sunburst_evolve/]]|
|2020.12.21|Security Week|[[VMware, Cisco Reveal Impact of SolarWinds Incident|https://www.securityweek.com/vmware-cisco-reveal-impact-solarwinds-incident]]|
|2020.12.21|Reuters|[[U.S. Treasury has not seen any damage from widespread hack-CNBC|https://www.reuters.com/article/us-usa-cyber-breach-treasury/u-s-treasury-has-not-seen-any-damage-from-widespread-hack-cnbc-idUSKBN28V1X0]]|
|2020.12.21|Help Net Security|[[SolarWinds is the tip of the iceberg|https://www.helpnetsecurity.com/2020/12/21/solarwinds-cybersecurity/]]|
|2020.12.21|Dark Reading|[[We Have a National Cybersecurity Emergency -- Here's How We Can Respond|https://www.darkreading.com/vulnerabilities---threats/we-have-a-national-cybersecurity-emergency----heres-how-we-can-respond/a/d-id/1339766]]|
|2020.12.21|Dark Reading|[[Cisco, Intel, Deloitte Among Victims of SolarWinds Breach: Report|https://www.darkreading.com/threat-intelligence/cisco-intel-deloitte-among-victims-of-solarwinds-breach-report/d/d-id/1339780]]|
|2020.12.21|CSO Online|[[How to prepare for the next SolarWinds-like threat|https://www.csoonline.com/article/3601796/how-to-prepare-for-the-next-solarwinds-like-threat.html]]|
|2020.12.21|Bleeping Computer|[[VMware latest to confirm breach in SolarWinds hacking campaign|https://www.bleepingcomputer.com/news/security/vmware-latest-to-confirm-breach-in-solarwinds-hacking-campaign/]]|
|2020.12.21|Bleeping Computer|[[New SUPERNOVA backdoor found in SolarWinds cyberattack analysis|https://www.bleepingcomputer.com/news/security/new-supernova-backdoor-found-in-solarwinds-cyberattack-analysis/]]|
|2020.12.21|//Cyjax//|[[SolarWinds Supply Chain Attack - Summary and Analysis|https://www.cyjax.com/2020/12/21/solarwinds-supply-chain-attack-summary-and-analysis/]]|
|>|>|>|!|
|2020.12.19|Bleeping Computer|[[The SolarWinds cyberattack: The hack, the victims, and what we know|https://www.bleepingcomputer.com/news/security/the-solarwinds-cyberattack-the-hack-the-victims-and-what-we-know/]]|
|>|>|>||
|2020.12.18|Dark Reading|[[Microsoft Confirms Its Network Was Breached With Tainted SolarWinds Updates|https://www.darkreading.com/attacks-breaches/microsoft-confirms-its-network-was-breached-with-tainted-solarwinds-updates/d/d-id/1339769]]|
|2020.12.18|Dark Reading|[[5 Key Takeaways From the SolarWinds Breach|https://www.darkreading.com/5-key-takeaways-from-the-solarwinds-breach/d/d-id/1339764]]|
|2020.12.18|Bleeping Computer|[[US think tank breached three times in a row by SolarWinds hackers|https://www.bleepingcomputer.com/news/security/us-think-tank-breached-three-times-in-a-row-by-solarwinds-hackers/]]|
|2020.12.18|Bleeping Computer|[[Microsoft identifies 40+ victims of SolarWinds hack, 80% from US|https://www.bleepingcomputer.com/news/security/microsoft-identifies-40-plus-victims-of-solarwinds-hack-80-percent-from-us/]]|
|2020.12.18|Bleeping Computer|[[Microsoft confirms breach in SolarWinds hack, denies infecting others|https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-breach-in-solarwinds-hack-denies-infecting-others/]]|
|2020.12.18|Help Net Security|[[Microsoft was also a victim of the SolarWinds supply chain hack|https://www.helpnetsecurity.com/2020/12/18/microsoft-solarwinds/]]|
|2020.12.18|Security Week|[[Microsoft, Energy Department and Others Named as Victims of SolarWinds Attack|https://www.securityweek.com/microsoft-energy-department-and-others-named-victims-solarwinds-attack]]|
|2020.12.18|The New Stack|[[SolarWinds, the World's Biggest Security Failure and Open Source's Better Answer|https://thenewstack.io/solarwinds-the-worlds-biggest-security-failure-and-open-sources-better-answer/]]|
|2020.12.18|//Security Scorecard//|[[SolarWinds Compromise May Have Begun 5 Months Earlier Than Suspected|https://securityscorecard.com/blog/solarwinds-compromise-may-have-begun-5-months-earlier-than-suspected]]|
|>|>|>||
|2020.12.17|//Radware//|[[FireEye Hack Turns into a Global Supply Chain Attack|https://blog.radware.com/security/2020/12/fireeye-hack-turns-into-a-global-supply-chain-attack/]]|
|2020.12.17|Dark Reading|[[CISA: SolarWinds Not the Only Initial Attack Vector in Massive Breach|https://www.darkreading.com/attacks-breaches/cisa-solarwinds-not-the-only-initial-attack-vector-in-massive-breach/d/d-id/1339755]]|
|2020.12.17|Bleeping Computer|[[SolarWinds hackers breach US nuclear weapons agency|https://www.bleepingcomputer.com/news/security/solarwinds-hackers-breach-us-nuclear-weapons-agency/]]|
|2020.12.17|Bleeping Computer|[[US think tank breached three times in a row by SolarWinds hackers|https://www.bleepingcomputer.com/news/security/nation-state-hackers-breached-us-think-tank-thrice-in-a-row/]]|
|2020.12.17|Bleeping Computer|[[FBI, CISA officially confirm US govt hacks after SolarWinds breach|https://www.bleepingcomputer.com/news/security/fbi-cisa-officially-confirm-us-govt-hacks-after-solarwinds-breach/]]|
|2020.12.17|Bleeping Computer|[[CISA: Hackers breached US govt using more than SolarWinds backdoor|https://www.bleepingcomputer.com/news/security/cisa-hackers-breached-us-govt-using-more-than-solarwinds-backdoor/]]|
|2020.12.17|//Lacework//|[[SolarWinds & the Software Supply Chain|https://www.lacework.com/solarwinds-the-software-supply-chain/]]|
|2020.12.17|//Anomali//|[[The FireEye, SolarWinds Hacks: Adversaries Want Access, How To Protect Your Organization|https://www.anomali.com/resources/podcasts/the-fireeye-solarwinds-hacks-adversaries-want-access-how-to-protect-your-organization]] (podcast)|
|202012.17|//Shift Left//|[[#Solorigate : SUNBURST SolarWinds BackDoor : Crime Scene Forensics|https://medium.com/swlh/sunburst-solarwinds-breach-crime-scene-forensics-continued-aef0ab568e03]]|
|>|>|>||
|2020.12.16|Help Net Security|[[SolarWinds hackers' capabilities include bypassing MFA|https://www.helpnetsecurity.com/2020/12/16/solarwinds-hackers-capabilities/]]|
|2020.12.16|Dark Reading|[[FireEye Identifies Killswitch for SolarWinds Malware as Victims Scramble to Respond|https://www.darkreading.com/attacks-breaches/fireeye-identifies-killswitch-for-solarwinds-malware-as-victims-scramble-to-respond/d/d-id/1339746]]|
|2020.12.16|Bleeping Computer|[[FireEye, Microsoft create kill switch for SolarWinds backdoor|https://www.bleepingcomputer.com/news/security/fireeye-microsoft-create-kill-switch-for-solarwinds-backdoor/]]|
|2020.12.16|//RedSeal//|[[Lessons for All of Us From the SolarWinds Orion Compromise |https://www.redseal.net/responding-to-the-solarwinds-orion-compromise/]]|
|>|>|>||
|2020.12.15|SANS|[[What You Need to Know About the SolarWinds Supply-Chain Attack|https://www.sans.org/blog/what-you-need-to-know-about-the-solarwinds-supply-chain-attack/]]|
|2020.12.15|Reuters|[[U.S. Homeland Security, thousands of businesses scramble after suspected Russian hack|https://www.reuters.com/article/global-cyber/u-s-homeland-security-thousands-of-businesses-scramble-after-suspected-russian-hack-idUSKBN28O1Z3]]|
|2020.12.15|Dark Reading|[[Concerns Run High as More Details of SolarWinds Hack Emerge|https://www.darkreading.com/attacks-breaches/concerns-run-high-as-more-details-of-solarwinds-hack-emerge/d/d-id/1339726]]|
|2020.12.15|Bleeping Computer|[[Microsoft to quarantine compromised SolarWinds binaries tomorrow|https://www.bleepingcomputer.com/news/security/microsoft-to-quarantine-compromised-solarwinds-binaries-tomorrow/]]|
|2020.12.15|//Cycode//|[[Six AppSec Learnings from Solar Winds|https://cycode.com/blog/six-appsec-learnings-from-solar-winds/]]|
|2020.12.15|//Shift Left//|[[Visual Notes Solarwinds Supply Chain Compromise Using Sunburst Backdoor Detected by Fireeye|https://blog.shiftleft.io/visual-notes-solarwinds-supply-chain-compromise-using-sunburst-backdoor-detected-by-fireeye-561e097fff3c]]|
|>|>|>||
|2020.12.14|Politico|[[Massively disruptive' cyber crisis engulfs multiple agencies|https://www.politico.com/news/2020/12/14/massively-disruptive-cyber-crisis-engulfs-multiple-agencies-445376]]|
|2020.12.14|Help Net Security|[[Hackers breached U.S. government agencies via compromised SolarWinds Orion software|https://www.helpnetsecurity.com/2020/12/14/compromised-solarwinds-orion/]]|
|2020.12.14|Dark Reading|[[18,000 Organizations Possibly Compromised in Massive Supply-Chain Cyberattack |https://www.darkreading.com/attacks-breaches/18000-organizations-possibly-compromised-in-massive-supply-chain-cyberattack-/d/d-id/1339716]]|
|2020.12.14|Bleeping Computer|[[US govt, FireEye breached after SolarWinds supply-chain attack|https://www.bleepingcomputer.com/news/security/us-govt-fireeye-breached-after-solarwinds-supply-chain-attack/]]|
|2020.12.15|//Malwarebytes//|[[SolarWinds advanced cyberattack: What happened and what to do now|https://blog.malwarebytes.com/threat-analysis/2020/12/advanced-cyber-attack-hits-private-and-public-sector-via-supply-chain-software-update/]]|
|>|>|>|!|
|2020.12.13|Washington Post|[[Russian government hackers are behind a broad espionage campaign that has compromised U.S. agencies, including Treasury and Commerce|https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html]]|
|2020.12.13|The Hacker News|[[US Agencies and FireEye Were Hacked Using SolarWinds Software Backdoor|https://thehackernews.com/2020/12/us-agencies-and-fireeye-were-hacked.html]]|
|2020.12.13|The Guardian|[[US treasury hacked by foreign government group - report|https://www.theguardian.com/technology/2020/dec/13/us-treasury-hacked-group-backed-by-foreign-government-report]]|
|2020.12.13|Security Week|[[US Investigating Computer Hacks of Government Agencies|https://www.securityweek.com/us-investigating-computer-hacks-government-agencies]]|
|2020.12.13|New York Times|[[Russian Hackers Broke Into Federal Agencies, U.S. Officials Suspect|https://www.nytimes.com/2020/12/13/us/politics/russian-hackers-us-government-treasury-commerce.html]]|
|>|>|>||
|2020.12.10|Dark Reading|[[FireEye Breach Fallout Yet to Be Felt|https://www.darkreading.com/threat-intelligence/fireeye-breach-fallout-yet-to-be-felt/d/d-id/1339680]]|
|>|>|>||
|2020.12.08|Dark Reading|[[Nation-State Hackers Breached FireEye, Stole Its Red Team Tools|https://www.darkreading.com/attacks-breaches/nation-state-hackers-breached-fireeye-stole-its-red-team-tools/d/d-id/1339652]]|
|>|>|>|!|
!Autres Sources / Other sources
|>|>|>|Ce fond indique des mises à jour ''pertinentes'' du tableau depuis la semaine dernière |
|!Dates|!Sources|!Titres et Liens|
|2021.02.26|Security Week|[[Microsoft Releases Open Source Resources for Solorigate Threat Hunting|https://www.securityweek.com/microsoft-releases-open-source-resources-solorigate-threat-hunting]]|
|2021.02.23|Dark Reading|[[SolarWinds Attackers Lurked for 'Several Months' in FireEye's Network|https://www.darkreading.com/threat-intelligence/solarwinds-attackers-lurked-for-several-months-in-fireeyes-network/d/d-id/1340239]]|
|2021.02.15|The Register|[[Microsoft says it found 1,000-plus developers' fingerprints on the SolarWinds attack|https://www.theregister.com/2021/02/15/solarwinds_microsoft_fireeye_analysis/]]|
|2021.02.12|//Thinkst//|[[On SolarWinds, Supply Chains and Enterprise Networks|https://blog.thinkst.com/2021/02/on-solarwinds-supply-chains-and_12.html]]|
|2021.02.14|CBS News|[[SolarWinds: How Russian spies hacked the Justice, State, Treasury, Energy and Commerce Departments|https://www.cbsnews.com/news/solarwinds-hack-russia-cyberattack-60-minutes-2021-02-14/]]|
|2021.02.11|Dark Reading|[[7 Things We Know So Far About the SolarWinds Attacks|https://www.darkreading.com/attacks-breaches/7-things-we-know-so-far-about-the-solarwinds-attacks/d/d-id/1340134]]|
|2021.02.07|E-Hacking News|[[SolarWinds CEO: "SolarWinds Orion Development Program was Exploited by the Hackers"|https://www.ehackingnews.com/2021/02/solarwinds-ceo-solarwinds-orion.html]]|
|2021.02.05|//McAfee//|[[6 Best Practices for SecOps in the Wake of the Sunburst Threat Campaign|https://www.mcafee.com/blogs/enterprise/security-operations/6-best-practices-for-secops-in-the-wake-of-the-sunburst-threat-campaign/]]|
|2021.02.03|//Perimeter 81//|[[Make Sure the Next SolarWinds Isn’t In Your Supply Chain|https://www.perimeter81.com/blog/cloud/how-to-make-sure-the-next-solarwinds-isnt-in-your-supply-chain/]]|
|2021.01.29|Wall Street Journal|[[	|https://www.wsj.com/articles/suspected-russian-hack-extends-far-beyond-solarwinds-software-investigators-say-11611921601]]|
|2021.01.27|//Cybereason//|[[SolarWinds Attacks Highlight Advantage of Indicators of Behavior for Early Detection|https://www.cybereason.com/blog/solarwinds-attacks-highlight-advantage-of-indicators-of-behavior-for-early-detection]]|
|2021.01.26|Security Week|[[More Cybersecurity Firms Confirm Being Hit by SolarWinds Hack|https://www.securityweek.com/more-cybersecurity-firms-confirm-being-hit-solarwinds-hack]]|
|2021.01.20|Security Week|[[Malwarebytes Targeted by SolarWinds Hackers|https://www.securityweek.com/malwarebytes-targeted-solarwinds-hackers]]|
|2021.01.15|//Varonis//|[[Threat Update 21 – SolarLeaks|https://www.varonis.com/blog/threat-update-21-solarleaks/]] ([[vidéo|https://www.youtube.com/watch?v=TSAbkRAM1qo]])|
|2021.01.15|//Avast//|[[Microsoft source code allegedly for sale on SolarLeaks site|https://blog.avast.com/solarleaks-selling-alleged-source-code-from-microsoft-cisco-avast]]|
|2021.01.14|//eSentire//|[[The SolarWinds supply chain compromise (Part 2)|https://www.esentire.com/blog/the-solarwinds-supply-chain-compromise-part-2]]|
|2021.01.14|Wall Street Journal|[[SolarWinds Hack Forces Reckoning With Supply-Chain Security|https://www.wsj.com/articles/solarwinds-hack-forces-reckoning-with-supply-chain-security-11610620200]]|
|2021.01.13|Security Week|[[SolarLeaks: Files Allegedly Obtained in SolarWinds Hack Offered for Sale|https://www.securityweek.com/solarleaks-files-allegedly-obtained-solarwinds-hack-offered-sale]]|
|2021.01.13|Security Week|[[Mimecast Discloses Certificate Incident Possibly Related to SolarWinds Hack|https://www.securityweek.com/mimecast-discloses-certificate-incident-possibly-related-solarwinds-hack]]|
|2021.01.12|//RiskRecon//|[[Three key questions and answers surrounding the SolarWinds Breach|https://blog.riskrecon.com/securing-the-supply-chain-next-steps-following-the-solarwinds-event]]|
|2021.01.12|//Cloud Passage//|[[SolarWinds Orion Compromise Vulnerability Mitigation|https://www.cloudpassage.com/articles/solarwinds-orion-compromise-mitigation/]]|
|2021.01.12|Wall Street Journal|[[SolarWinds Discloses Earlier Evidence of Hack|https://www.wsj.com/articles/solarwinds-discloses-earlier-evidence-of-hack-11610473937]]|
|2021.01.07|Security Week|[[Continuous Updates: Everything You Need to Know About the SolarWinds Attack|https://www.securityweek.com/continuous-updates-everything-you-need-know-about-solarwinds-attack]]|
|2021.01.07|Wall Street Journal|[[Federal Judiciary’s Systems Likely Breached in SolarWinds Hack|https://www.wsj.com/articles/federal-judiciarys-systems-likely-breached-in-solarwinds-hack-11610040175]]|
|2021.01.07|Reuters|[[Hacking victim SolarWinds hires ex-Homeland Security official Krebs as consultant|https://www.reuters.com/article/global-cyber-solarwinds/hacking-victim-solarwinds-hires-ex-homeland-security-official-krebs-as-consultant-idUSL1N2JJ069]]|
|2021.01.07|Dark Reading| → [[SolarWinds Hires Chris Krebs and Alex Stamos for Breach Recovery|https://www.darkreading.com/threat-intelligence/solarwinds-hires-chris-krebs-and-alex-stamos-for-breach-recovery/d/d-id/1339861]]|
|2021.01.07|Tech Beacon|[[SolarWinds hack: Who's to blame? It's complicated|https://techbeacon.com/security/solarwinds-hack-whos-blame-its-complicated]]|
|2021.01.07|JetBrains|[[An Update on SolarWinds|https://blog.jetbrains.com/blog/2021/01/07/an-update-on-solarwinds/]]|
|2021.01.07|Bleeping Computer| &rarrd; [[JetBrains denies involvement in the SolarWinds supply-chain hack|https://www.bleepingcomputer.com/news/security/jetbrains-denies-involvement-in-the-solarwinds-supply-chain-hack/]]|
|2021.01.07|Dark Reading|[[Investigation Launched Into Role of JetBrains Product in SolarWinds Hack: Reports|https://www.securityweek.com/investigation-launched-role-jetbrains-product-solarwinds-hack-reports]]|
|2021.01.07|DZone|[[API Security Weekly / Vulnerability: SolarWinds|https://dzone.com/articles/api-security-weekly-issue-115]]|
|2021.01.06|Wall Street Journal|[[SolarWinds Hack Breached Justice Department System|https://www.wsj.com/articles/solarwinds-hack-breached-justice-department-systems-11609958761]]|
|2021.01.06|New York Times|[[Widely Used Software Company May Be Entry Point for Huge U.S. Hacking|https://www.nytimes.com/2021/01/06/us/politics/russia-cyber-hack.html]]|
|2021.01.06|Reuters|[[FBI probe of major hack includes project-management software from JetBrains: sources|https://www.reuters.com/article/us-global-cyber-jetbrains/fbi-probe-of-major-hack-includes-project-management-software-from-jetbrains-sources-idUSKBN29B2RR]]|
|2021.01.06|JetBrains|[[Statement on the Story from The New York Times Regarding JetBrains and SolarWinds|https://blog.jetbrains.com/blog/2021/01/06/statement-on-the-story-from-the-new-york-times-regarding-jetbrains-and-solarwinds/]]|
|2021.01.06|Bleeping Computer|[[SolarWinds hackers had access to over 3,000 US DOJ email accounts|https://www.bleepingcomputer.com/news/security/solarwinds-hackers-had-access-to-over-3-000-us-doj-email-accounts/]]|
|2021.01.06|Security Week|[[Class Action Lawsuit Filed Against SolarWinds Over Hack|https://www.securityweek.com/class-action-lawsuit-filed-against-solarwinds-over-hack]]|
|2021.01.05|Dark Reading|[[FBI, CISA, NSA & ODNI Cite Russia in Joint Statement on 'Serious' SolarWinds Attacks|https://www.darkreading.com/risk/fbi-cisa-nsa-and-odni-cite-russia-in-joint-statement-on-serious-solarwinds-attacks/d/d-id/1339829]]|
|2021.01.05|Dark Reading|[[SolarWinds Hit With Class-Action Lawsuit Following Orion Breach|https://www.darkreading.com/threat-intelligence/solarwinds-hit-with-class-action-lawsuit-following-orion-breach/d/d-id/1339831]]|
|2021.01.04|Security Week|[[Over 250 Organizations Breached via SolarWinds Supply Chain Hack: Report|https://www.securityweek.com/over-250-organizations-breached-solarwinds-supply-chain-hack-report]]|
|2021.01.04|The Telegraph|[[SolarWinds Hack 'May Have Started in Eastern Europe', US Investigators Believe|https://www.telegraph.co.uk/technology/2021/01/04/solarwinds-hack-may-have-started-eastern-europe-us-investigators/]]|
|2021.01.03|Romain du Marais[img[iCSF/flag_fr.png]]|[[Décryptage : Finir 2020 avec un énorme piratage - SolarWinds et FireEye|https://www.youtube.com/watch?v=_mb32hajks4]]|
|2021.01.02|New York Times|[[As Understanding of Russian Hacking Grows, So Does Alarm|https://www.nytimes.com/2021/01/02/us/politics/russian-hacking-government.html]]|
|2020.12.31|//Palo Alto Networks//|[[Cortex XDR: Fortify the SOC Against SolarStorm, Variants and Imitators|https://blog.paloaltonetworks.com/2020/12/cortex-solarstorm-variants-imitators/]]|
|2020.12.31|//XM Cyber//|[[Lessons Learned from the SolarWinds SUNBURST Attack|https://www.xmcyber.com/lessons-learned-from-the-solarwinds-sunburst-attack/]]|
|2020.12.29|//CyCognito//|[[SUNBURST exposes supply chain security risks|https://www.cycognito.com/blog/cyber-risks-and-the-importance-of-attack-surface-management]]|
|2020.12.28|GeekWire|[[How hacked is hacked? Here's a ‘hack scale' to better understand the SolarWinds cyberattacks|https://www.geekwire.com/2020/hacked-hacked-heres-hack-scale-better-understand-solarwinds-cyberattacks/]]|
|2020.12.28|//eSentire//|[[The SolarWinds supply chain compromise|https://www.esentire.com/blog/threat-intelligence-the-solarwinds-compromise]]|
|2020.12.22|//VIPRE//|[[FireEye/SolarWinds/SUNBURST Hack – What You Need to Know|https://www.vipre.com/blog/fireeye-solarwinds-sunburst-hack-what-you-need-to-know/]]|
|2020.12.22|//Cybereason//|[[Cybereason vs. SolarWinds Supply Chain Attack|https://www.cybereason.com/blog/cybereason-vs-solarwinds-supply-chain-attack]]|
|2020.12.21|Wall Street Journal|[[SolarWinds Hack Hit Office Home to Top Treasury Department Officials|https://www.wsj.com/articles/barr-points-finger-at-russia-for-solarwinds-hack-11608573971]]|
|2020.12.18|//Shared Assessments//|[[Resolve to Prepare for Supply Chain Cyber Attacks with Better Vendor Risk Management Practices in 2021|https://sharedassessments.org/blog/resolve-to-prepare-for-supply-chain-cyber-attacks-with-better-vendor-risk-management-practices-in-2021/]]|
|2020.12.17|//FireEye//|[[DebUNCing Attribution: How Mandiant Tracks Uncategorized Threat Actors|https://www.fireeye.com/blog/products-and-services/2020/12/how-mandiant-tracks-uncategorized-threat-actors.html]]|
|2020.12.17|Security Week|[[Supply Chain Attack: CISA Warns of New Initial Attack Vectors Posing 'Grave Risk'|https://www.securityweek.com/supply-chain-attack-cisa-warns-new-initial-attack-vectors-posing-grave-risk]]
|2020.12.17|Fedscoop|[[SolarWinds recap: All of the federal agencies caught up in the Orion breach|https://www.fedscoop.com/solarwinds-recap-federal-agencies-caught-orion-breach/]]|
|2020.12.17|Reuters|[[Exclusive : Microsoft Breached in Suspected Russian Hack Using SolarWinds|https://www.reuters.com/article/global-cyber-microsoft-exclusive-int-idUSKBN28R3BW]]|
|2020.12.17|The Intercept|[[Russian Hackers Have Been Inside Austin City Network for Months|https://theintercept.com/2020/12/17/russia-hack-austin-texas/]]|
|2020.12.16|GeekWire|[[Microsoft unleashes ‘Death Star' on SolarWinds hackers in extraordinary response to breach|https://www.geekwire.com/2020/microsoft-unleashes-death-star-solarwinds-hackers-extraordinary-response-breach/]]|
|2020.12.15|Wall Street Journal|[[Suspected Russian Cyberattack Began With Ubiquitous Software Company|https://www.wsj.com/articles/suspected-russian-cyberattack-began-with-a-little-known-but-ubiquitous-software-company-11608036495]]|
|2020.12.15|Security Week|[[Group Behind SolarWinds Hack Bypassed MFA to Access Emails at US Think Tank|https://www.securityweek.com/group-behind-solarwinds-hack-bypassed-mfa-access-emails-us-think-tank]]|
|2020.12.14|Reuters|[[Scope of Russian Hack Becomes Clear : Multiple U.S. Agencies Were Hit|https://www.nytimes.com/2020/12/14/us/politics/russia-hack-nsa-homeland-security-pentagon.html]]|
|2020.12.14|Reuters|[[Suspected Russian Hackers Spied on U.S. Treasury Emails|https://www.reuters.com/article/us-usa-cyber-treasury-exclusive-idUSKBN28N0PG]]|
|2020.12.14|Reuters|[[Suspected Russian Hackers Breached U.S. Department of Homeland Security|https://www.reuters.com/article/us-global-cyber-usa-dhs-idUSKBN28O2LY]]|
|2020.12.14|Reuters|[[Global Security Teams Assess Impact of Suspected Russian Cyber Attack|https//www.reuters.com/article/us-usa-cyber-treasury-britain-idUSKBN28O1K3]]|
|2020.12.14|Lawfare|[[Quick Thoughts on the Russia Hack|https://www.lawfareblog.com/quick-thoughts-russia-hack]]|
|2020.12.14|Lawfare|[[The SolarWinds Breach: Why Your Work Computers Are Down Today|https://www.lawfareblog.com/solarwinds-breach-why-your-work-computers-are-down-today]]|
|2020.12.14|The Register|[[Backdoored SolarWinds Software, Linked to US Govt Hacks, in Wide Use throughout the British Public Sector|https://www.theregister.com/2020/12/14/solarwinds_public_sector/]]|
|2020.12.13|New York Times|[[Russian Hackers Broke Into Federal Agencies, U.S. Officials Suspect|https://www.nytimes.com/2020/12/13/us/politics/russian-hackers-us-government-treasury-commerce.html]]|
|2020.12.08|Reuters|[[U.S. Cybersecurity Firm FireEye Discloses Breach, Theft of Hacking Tools|https://www.reuters.com/article/us-fireeye-cyber/u-s-cybersecurity-firm-fireeye-discloses-breach-theft-of-hacking-tools-idUSKBN28I31E]]|
!Outils et codes d'exploitation disponibles
|>|>|>|bgcolor:#F5DF4D;Ce fond indique des mises à jour du tableau depuis la semaine dernière |
|!Dates|!Sources|!Titres et Liens|
|bgcolor:#F5DF4D;2021.02.16|//NetreseC//|[[SunburstDomainDecoder v2.0|https://www.netresec.com/files/SunburstDomainDecoder.zip]] (zip)|
|>|>|>||
|2021.01.12|//FireEye//|[[Mandiant Azure AD Investigator: Focusing on UNC2452 TTPs|https://github.com/fireeye/Mandiant-Azure-AD-Investigator]]|
|>|>|>||
|2021.01.07|//SentinelOne//|[[SolarWinds Countermeasures|https://github.com/SentineLabs/SolarWinds_Countermeasures]]|
|>|>|>||
|2020.12.24|CISA|![[Sparrow.ps1|https://github.com/cisagov/Sparrow]] aide à détecter des comptes et des applications potentiellement compromis dans l'environnement Azure/M365|
|2020.12.24|//CrowdStrike//|![[CrowdStrike Reporting Tool for Azure (CRT)|https://github.com/CrowdStrike/CRT]]|
|2020.12.24|//SolarWinds//|![[Mitigate-TestAction.ps1|https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip]] met à jour la 'web.config' pour contrer l'exploitation de code à distance (RCE) via TestAction (script powershell à extraire) |
|>|>|>||
|2020.12.22|//True Sec//|[[Sunburst Decoder|https://github.com/Truesec/sunburst-decoder]]|
|>|>|>||
|2020.12.16|Rohit Bansal|[[subdomain & #DGA domain names, #SolarWinds, attacked by #UNC2452 @0xrb|https://pastebin.com/6EDgCKxd]]|
|>|>|>||
|2020.12.15|//Microsoft//|[[Outil de détection Microsoft|https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/AzureAADPowerShellAnomaly.yaml]]|
|2020.12.15|//QiAnXin//|[[SunBurst DGA Decode Script|https://github.com/RedDrip7/SunBurst_DGA_Decode]]|
|>|>|>|!|
|2017.11.27|//CyberArk//|[[shimit|https://github.com/cyberark/shimit]] : script en python tool qui lance l'attaque 'Golden SAML'|
!Indicateurs de compromission/IOCs et marqueurs disponibles
|>|>|>|bgcolor:#F5DF4D;Ce fond indique des mises à jour du tableau depuis la semaine dernière |
|!Dates|!Sources|!Titres et Liens|
|2021.01.17|//WhoisXML API//|![[Cyber Threat Intel Analysis and Expansion of SolarWinds Identified IoCs|http://www.circleid.com/posts/20210117-cyberthreat-intel-analysis-expansion-of-solarwinds-identified-iocs/]] |
|>|>|>|!|
|2021.01.11|//CrowdStrike//|![[SUNSPOT: An Implant in the Build Process|https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/]] |
|2021.01.11|Malpedia|![[Kazuar|https://malpedia.caad.fkie.fraunhofer.de/details/win.kazuar]] ([[règles YARA|https://malpedia.caad.fkie.fraunhofer.de/yara/win.kazuar]])|
|>|>|>|!|
|2021.01.07|CISA|![[AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations|https://us-cert.cisa.gov/ncas/alerts/aa20-352a]] (mise à jour) |
|>|>|>|!|
|2021.01.04|Itay Cohen|[[SUNBURST Cracked|https://github.com/ITAYC0HEN/SUNBURST-Cracked]]: Sunburst modified version of the malicious backdoor in a class named OrionImprovementBusinessLayer, decompiled with some modifications|
|>|>|>|!|
|2020.12.29|Jin Wook Kim|[[CVE-2020-10148 SolarWinds Orion local file disclosure & PoC (Tested)|https://twitter.com/wugeej/status/1343792263806164997?s=21]]|
|2020.12.29|0xsha|[[Solarwinds_Orion_LFD.py|https://gist.github.com/0xsha/75616ef6f24067c4fb5b320c5dfa4965]]: Code de démonstration CVE-2020-10148|
|>|>|>|!|
|2020.12.23|//Palo Alto Networks//|![[A Timeline Perspective of the SolarStorm Supply-Chain Attack|https://unit42.paloaltonetworks.com/solarstorm-supply-chain-attack-timeline/]] |
|2020.12.22|etlownoise|[[fakesunburst: Defanged version of sunburst backdoor|https://github.com/etlownoise/fakesunburst]]|
|2020.12.22|//Checkpoint Software//|[[SUNBURST, TEARDROP and the NetSec New Normal|https://research.checkpoint.com/2020/sunburst-teardrop-and-the-netsec-new-normal/]]|
|>|>|>|!|
|2020.12.19|Bleeping Computer|[[The SolarWinds cyberattack: The hack, the victims, and what we know|https://www.bleepingcomputer.com/news/security/the-solarwinds-cyberattack-the-hack-the-victims-and-what-we-know/]]|
|2020.12.18|//Microsoft//|[[Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers|https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/]]|
|2020.12.18|//Sentinel One//|[[SolarWinds SUNBURST Backdoor: Inside the APT Campaign|https://labs.sentinelone.com/solarwinds-sunburst-backdoor-inside-the-stealthy-apt-campaign/]]|
|2020.12.17|CISA|![[AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations|https://us-cert.cisa.gov/ncas/alerts/aa20-352a]] |
|2020.12.17|//Palo Alto Networks//|[[SUPERNOVA: A Novel .NET Webshell|https://unit42.paloaltonetworks.com/solarstorm-supernova/]]|
|2020.12.17|//McAfee//|[[Additional Analysis into the SUNBURST Backdoor|https://www.mcafee.com/blogs/other-blogs/mcafee-labs/additional-analysis-into-the-sunburst-backdoor/]]|
|2020.12.16|//Reversing Labs//|[[SunBurst: the next level of stealth|https://blog.reversinglabs.com/blog/sunburst-the-next-level-of-stealth]]|
|2020.12.16|Rohit Bansal|[[subdomain & #DGA domain names, #SolarWinds, attacked by #UNC2452 @0xrb|https://pastebin.com/6EDgCKxd]]|
|2020.12.15|OS Context|[[SUNBURST: Unredacted pDNS information available|https://ioc.oscontext.io/]]|
|2020.12.15||[[SolarWinds/SunBurst FNV-1a-XOR hash founds analysis|https://docs.google.com/spreadsheets/d/1u0_Df5OMsdzZcTkBDiaAtObbIOkMa5xbeXdKk_k0vWs/edit#gid=0]]|
|2020.12.15|//Symantec//|[[Sunburst: Supply Chain Attack Targets SolarWinds Users|https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/sunburst-supply-chain-attack-solarwinds]]|
|2020.12.15|//Sophos//|[[Threathunt for the Solarwinds Compromise|https://github.com/sophos-cybersecurity/solarwinds-threathunt]]|
|2020.12.15|//Netskope//|[[Netskope Threat Coverage: SUNBURST & FireEye Red Team (Offensive Security) Tools|https://www.netskope.com/blog/netskope-threat-coverage-sunburst-fireeye-red-team-offensive-security-tools]]|
|2020.12.15|//Picus Security//|[[Tactics, Techniques, and Procedures (TTPs) Used in the SolarWinds Breach|https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach]]|
|2020.12.15|//Elastic|[[Elastic Security provides free and open protections for SUNBURST|https://www.elastic.co/fr/blog/elastic-security-provides-free-and-open-protections-for-sunburst]]|	
|2020.12.15|Pastebin|[[Compromised systems according to RedDrip|https://pastebin.com/raw/G7mnW5Zk]]|
|2020.12.14|John Bambenek|[[Sunburst Indicators|https://github.com/bambenek/research/tree/main/sunburst]]|
|2020.12.14|//Volexity//|![[Dark Halo Leverages SolarWinds Compromise to Breach Organizations|https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/]]|
|2020.12.14|//Cado Security//|[[Responding to Solarigate|https://www.cadosecurity.com/post/responding-to-solarigate]]|
|2020.12.14|//Sophos//|[[TEARDROP IOCs|https://github.com/sophos-cybersecurity/solarwinds-threathunt/blob/master/iocs.csv]]|
|2020.12.13|Malware Bazaar|[[sunburst|https://bazaar.abuse.ch/browse.php?search=tag%3Asunburst]] (@@màj: 28.12.2020@@)|
|2020.12.13|//Microsoft//|![[Customer Guidance on Recent Nation-State Cyber Attacks|https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/]] |
|2020.12.13|//FireEye//|![[FireEye Mandiant SunBurst Countermeasures|https://github.com/fireeye/sunburst_countermeasures]]|
|2020.12.13|Joe Slowik|[[CNAME records associated with the #SUNBURST malware C2 beacon via @DomainTools Iris|https://twitter.com/jfslowik/status/1338321984527228928]] ([[pastebin|https://pastebin.com/T0SRGkWq]]))|
|>|>|>|!|
|2020.12.12|//FireEye//|[[Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor|https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html]]|
|2020.12.11|//Picus Security//|[[It is Time to Take Action - How to Defend Against FireEye's Red Team Tools|https://www.picussecurity.com/resource/blog/how-to-defend-against-fireeye-s-red-team-tools]]|
|2020.12.10|//Picus Security//|[[Tactics, Techniques and Procedures (TTPs) Utilized by FireEye's Red Team Tools|https://www.picussecurity.com/resource/blog/techniques-tactics-procedures-utilized-by-fireeye-red-team-tools]]|
|2020.12||[[SunBurst2|https://docs.google.com/spreadsheets/d/1fpyFt0GL2Swxn0Ihw43eu-kM7HlJXni0EvFYqqMRTz8/edit#gid=339435444]]|
|>|>|>|!|
!Source: MITRE ATT&CK [[G0118|https://attack.mitre.org/groups/G0118/]]
{{ss2col{
* [[T1003|https://attack.mitre.org/techniques/T1003]] OS Credential Dumping: DCSync
* [[T1005|https://attack.mitre.org/techniques/T1005]] Data from Local System
* [[T1018|https://attack.mitre.org/techniques/T1018]] Remote System Discovery
* [[T1021|https://attack.mitre.org/techniques/T1021]] Remote Services: Windows Remote Management
* [[T1027|https://attack.mitre.org/techniques/T1027]] Obfuscated Files or Information
* [[T1036|https://attack.mitre.org/techniques/T1036]] Masquerading
* [[T1047|https://attack.mitre.org/techniques/T1047]] Windows Management Instrumentation
* [[T1048|https://attack.mitre.org/techniques/T1048]] Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
* [[T1053|https://attack.mitre.org/techniques/T1053]] Scheduled Task/Job: Scheduled Task
* [[T1057|https://attack.mitre.org/techniques/T1057]] Process Discovery
* [[T1059|https://attack.mitre.org/techniques/T1059]] Command and Scripting Interpreter: PowerShell
* [[T1069|https://attack.mitre.org/techniques/T1069]] Permission Groups Discovery
* [[T1070|https://attack.mitre.org/techniques/T1070]] Indicator Removal on Host
* [[T1071|https://attack.mitre.org/techniques/T1071]] Application Layer Protocol: Web Protocols
* [[T1074|https://attack.mitre.org/techniques/T1074]] Data Staged: Remote Data Staging
* [[T1078|https://attack.mitre.org/techniques/T1078]] Valid Accounts
* [[T1082|https://attack.mitre.org/techniques/T1082]] System Information Discovery
* [[T1083|https://attack.mitre.org/techniques/T1083]] File and Directory Discovery
* [[T1087|https://attack.mitre.org/techniques/T1087]] Account Discovery
* [[T1090|https://attack.mitre.org/techniques/T1090]] Proxy: Internal Proxy
* [[T1098|https://attack.mitre.org/techniques/T1098]] Account Manipulation: Exchange Email Delegate Permissions
* [[T1105|https://attack.mitre.org/techniques/T1105]] Ingress Tool Transfer
* [[T1114|https://attack.mitre.org/techniques/T1114]] Email Collection: Remote Email Collection
* [[T1140|https://attack.mitre.org/techniques/T1140]] Deobfuscate/Decode Files or Information
* [[T1190|https://attack.mitre.org/techniques/T1190]] Exploit Public-Facing Application
* [[T1195|https://attack.mitre.org/techniques/T1195]] Supply Chain Compromise: Compromise Software Supply Chain
* [[T1218|https://attack.mitre.org/techniques/T1218]] Signed Binary Proxy Execution: Rundll32
* [[T1482|https://attack.mitre.org/techniques/T1482]] Domain Trust Discovery
* [[T1484|https://attack.mitre.org/techniques/T1484]] Domain Policy Modification: Domain Trust Modification
* [[T1546|https://attack.mitre.org/techniques/T1546]] Event Triggered Execution: Windows Management Instrumentation Event Subscription
* [[T1550|https://attack.mitre.org/techniques/T1550]] Use Alternate Authentication Material
* [[T1552|https://attack.mitre.org/techniques/T1552]] Unsecured Credentials: Private Keys
* [[T1553|https://attack.mitre.org/techniques/T1553]] Subvert Trust Controls: Code Signing
* [[T1555|https://attack.mitre.org/techniques/T1555]] Credentials from Password Stores
* [[T1558|https://attack.mitre.org/techniques/T1558]] Steal or Forge Kerberos Tickets: Kerberoasting
* [[T1560|https://attack.mitre.org/techniques/T1560]] Archive Collected Data: Archive via Utility
* [[T1562|https://attack.mitre.org/techniques/T1562]] Impair Defenses: Disable or Modify System Firewall
* [[T1568|https://attack.mitre.org/techniques/T1568]] Dynamic Resolution
* [[T1587|https://attack.mitre.org/techniques/T1587]] Develop Capabilities: Malware
* [[T1606|https://attack.mitre.org/techniques/T1606]] Forge Web Credentials: Web Cookies
}}}
<<tiddler [[2020.06.05 - Vers un Cloud souverain européen avec GAIA-X ?]]>>
[img(75%,1px)[iCSF/BluePixel.gif]]
Extrait d'un micro-article d'Arnaud Alcabez sur LinkedIN//
<<<
[>img(500px,auto)[iCSF/L1GAIA.jpg]]Vocabulaire GAIA-X donné durant la plénière du French GAIA-X Hub.
* Un "Data Space" est constitué de deux unités de base : Les objets et les infrastructures.
** Voici quelques "Data Spaces" : Énergie, Mobilité, Santé, Finance, Aérospatial, Green Deal. (L'Agriculture n'a pas été citée).
* Les "Data Spaces" sont sectoriels dans un premier temps et à plus long terme, transversaux. Leur substrat : L’échange – et la valorisation – de données dans un contexte "souverain".
* Contexte "Souverain" : La capacité des propriétaires de données à en disposer pleinement. C’est-à-dire de décider à la fois de leur localisation, de qui peut les traiter et à quelles fins.
* Chaque "Data Space" compte à sa tête un "Préfigurateur" dont l'objectif est de mettre sur pied un groupe de travail. Il réunit des entreprises intéressées, puis dialogue avec les acteurs de la filière industrielle du cloud.
* Chaque "Data Space" doit disposer d'objets en "Jumeaux Numériques" (digital twins), c'est à dire des objets de l’écosystème qui seront traités indifféremment par les infrastructures.
* Les "Data Spaces" pourront être reliés par "Jonctions", comme par exemple entre les "Data Spaces" « Énergie » et « Mobilité ». La "Jonction" sera définie par un "Comité au niveau européen" dont la construction reste à l’étude.
<<<
//(source: Arnaud Alcabez)
<<tiddler [[2021.02.28 - Veille - Février 2021]]>>
* 2021.''07.22'' → distanciel/online • SecurityWeek [[Cloud Security Summit|https://www.securityweek.com/securityweek-announces-virtual-cybersecurity-event-schedule-2021]]
* 2021.''11.23 & 24'' → "Cloud & Cyber Security Expo" • Paris Porte de Versailles
/% * 2021.''03.03'' → distanciel/online • ''[[Google Cloud Security Talks|https://cloudonair.withgoogle.com/events/security-talks-march-2021]]''
* 2021.''04.13 & 14'' → distanciel/online • ''EMEA Summit, Secure the Cloud Across Borders'' %/
103
14 février 2021
February 14th, 2021
<<tiddler [[2021.02.14 - Newsletter #103]]>>
[>img[iCSF/SolarWinds.jpg]]{{floatC{@@color:#00F;Dernière mise à jour le ''10 février 2021'' • Last update on ''February 10th, 2021''@@}}}
<<tabs tSolar 'Synthèse' '' [[KSolarExec]] 'Chronologie' '' [[KSolarChrono]] 'Cibles initiales' '' [[KSolarTargets]] 'Vecteurs' '' [[KSolarVectors]] 'Victimes' '' [[KSolarVictims]] 'Sources Officielles' '' [[KSolarOfficial]] 'Sources Primaires' '' [[KSolarPrimary]] 'Sources Secondaires' '' [[KSolarSecondary]] 'Autres' '' [[KSolarOthers]] 'Outils' '' [[KSolarTools]] 'IOCs' '' [[KSolarIOCs]]>><<tiddler [[arOund0C]]>>
<<tiddler [[Prochain CCSK en français]]>>
<<tiddler fFormCCSK with: 'lundi 10 mars 2021' 'lundi 10 et mardi 11 mars 2021' 'lundi 10, mardi 11 et mercredi 12 mars 2021'>>
<<tiddler [[2021.02.10 - Actu : Point de situation sur l'incident SolarWinds/SolarStorm]]>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202103>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202103>>
<<tiddler fAll2Tabs10 with: VeilleM","_202103>>
|!Date|!Sources|!Titres et Liens|!Keywords|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - mars 2021]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202103>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - mars 2021]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - mars 2021]]>><<tiddler fAll2LiTabs13end with: 'Actu","202103'>>
<<tiddler fAll2LiTabs13end with: 'Blog","202103'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - mars 2021]]>>
<<tiddler fAll2LiTabs13end with: 'Publ","202103'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - mars 2021]]>>
Aucun article pour le moment/%
!//§TITLE§//
[>img(150px,auto)[iCSA/§IMG§.jpg]]^^Article publié le §DD-XX§ mars 2021 sur le blog de la CSA, et sur le site de §SITE§ le §DD-TBD§ §MM-TBD§ 2021
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/03/§DD-XX§/§sURL-TBD§/ /% ''[[CloudSecurityAlliance.fr/go/§sGO-CSA§/|https://CloudSecurityAlliance.fr/go/§GO-CSA§/]]'' 
* Site §SITE-TBD§ ⇒ https://§URL-SITE§/ /% ''[[CloudSecurityAlliance.fr/go/§sGO-SITE§/|https://CloudSecurityAlliance.fr/go/§sGO-SITE§/]]''
^^[img(25%,1px)[iCSF/BluePixel.gif]]
%/
|>|<<tiddler [[2021.03.07 - Weekly Newsletter Hebdomadaire #106]]>> |
|>|<<tiddler [[2021.03.07 - Veille Hebdomadaire - 07 mars]]>>|
!Newsletter Hebdomadaire / Weekly Newsletter • 1 au 7 mars 2021 / March 1st to 7th, 2021
!!1 -  Informations CSA / CSA News and Updates

* Actu / News: Bilan / Status ''[[SolarWinds/SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Formation / Training[img[iCSF/flag_fr.png]]: session CCSK en mars / Online CCSK training in March+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
+++*[»]> <<tiddler [[]]>>=== 
!!2 - Veille / News Watch ([[50+ liens / 50+ links|2021.03.07 - Veille Hebdomadaire - 03 mars]])

* __À lire / Must Read__
** ''

* __Rapports / Reports__
** ''

* __Cloud Services Providers__
** AWS
** Azure
** GCP
** Kubernetes
** Docker & Containers

* __Autres Veilles / Other News Watch__
** TL;DR Security # • The Cloud Security Reading List #

* __Podcasts__
** ''

* __Marché / Market__
** ''

* __Acquisitions__
** ''

* __Divers / Miscellaneous__
** ''

!!3 - Agenda
<<tiddler AgendaFR+EN>>
!!4 - Lien direct / Direct Link
|!⇒ [[CloudSecurityAlliance.fr/go/L2L/|https://CloudSecurityAlliance.fr/go/L2L/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 07 mars 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!§MM-FR§|!Sources|!Titres et Liens|
|>|>|>|!À lire / Must read |
|>|>|>||
|>|>|!Menaces / Threats |
|>|>||
|>|>|!Bonnes Pratiques / Best Practices |
|>|>||
|>|>|!Rapports / Reports |
|>|>||
|>|>|!Cloud Services Providers |
|>|>|''AWS (Amazon)'' |
|>|>|''Azure (Microsoft)'' |
|>|>|''GCP (Google)'' |
|>|>|''Kubernetes'' |
|>|>|''Docker'' |
|>|>|''Containers'' |
|>|>||
|>|>|!Veilles hebdomadaires 'Cloud et Sécurité' / Weekly 'Cloud and Security' Watch |
|>|>||
|>|>|!Podcasts |
|>|>||
|>|>|!Réglementation / Regulatory |
|>|>||
|>|>|!Marché / Market |
|>|>||
|>|>|!Acquisitions |
|>|>||
|>|>|!Divers / Miscellaneous |
<<tiddler [[arOund0C]]>>
<<tiddler [[2021.02.Actu]]>>
<<tiddler [[2021.02.28 - Alertes]]>>
<<tiddler [[2021.02.Blog]]>>
<<tiddler [[2021.02.News]]>>
<<tiddler [[2021.02.Publ]]>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202102>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202102>>
<<tiddler fAll2Tabs10 with: VeilleM","_202102>>
|!Date|!Sources|!Titres et Liens|!Keywords|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - février 2021]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202102>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - février 2021]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - février 2021]]>><<tiddler fAll2LiTabs13end with: 'Actu","202102'>>
<<tiddler fAll2LiTabs13end with: 'Blog","202102'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - février 2021]]>>
<<tiddler fAll2LiTabs13end with: 'Publ","202102'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - février 2021]]>>
!//​​CSA STAR Attestation and STAR Certification Case Studies//
[>img(150px,auto)[iCSA/L2SBC.png]]^^Article publié le 28 février 2021 sur le blog de la CSA
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/28/csa-star-attestation-and-star-certification-case-studies/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//​2020 Hindsight and 2021 Foresight: Lessons Learned in the Work From Home Era//
[>img(150px,auto)[iCSA/L2QB2.jpg]]^^Article publié le 26 février 2021 sur le blog de la CSA, et le 23 février sur le site de CloudVector
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/26/2020-hindsight-and-2021-foresight-lessons-learned-in-the-work-from-home-era/
* Site CloudVector ⇒ https://www.cloudvector.com/2020-hindsight-and-2021-foresight-lessons-learned-in-the-work-from-home-era/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//How to Secure Your CDE and Achieve PCI DSS Compliance//
[>img(150px,auto)[iCSA/L2IBH.jpg]]^^Article publié le 18 février 2021 sur le blog de la CSA et le 31 janvier 2021 sur celui de la société TokenEx.
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/18/how-to-secure-your-cde-and-achieve-pci-dss-compliance/
* Site TokenEx → https://www.tokenex.com/blog/how-to-secure-your-cde-and-achieve-pci-dss-compliance
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//How to choose a Zero Trust architecture: SDP or Reverse-Proxy?//
[>img(150px,auto)[iCSA/L2FBH.jpg]]^^Article publié le 15 février 2021 sur le blog de la CSA et le 19 octobre 2020 sur celui de la société Wandera.
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/15/how-to-choose-a-zero-trust-architecture-sdp-or-reverse-proxy/
* Site Wandera → https://www.wandera.com/how-to-choose-a-zero-trust-network-access-architecture-software-defined-perimeter-or-reverse-proxy/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Abuse in the Cloud//
[>img(150px,auto)[iCSA/L2CBA.jpg]]^^Article publié le 12 février 2021 sur le blog de la CSA et sur celui de la société Salesforce.
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/12/abuse-in-the-cloud/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//What is 3-D Secure Authentication, and Why Do I Need It?//
[>img(150px,auto)[iCSA/L2BBW.jpg]]^^Article publié le 11 février 2021 sur le blog de la CSA et le 9 novembre 2020 sur celui de la société TokenEx
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/11/what-is-3-d-secure-authentication-and-why-do-i-need-it/
* Site TokenEx → https://www.tokenex.com/blog/what-is-3-d-secure-authentication-and-why-do-i-need-it
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Give us your feedback on potential CPE course topics//
[>img(150px,auto)[iCSA/L29BG.jpg]]^^Article publié le 9 février 2021 sur le blog de la CSA
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/08/give-us-your-feedback-on-potential-cpe-course-topics/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//How to avoid the biggest mistakes with your SaaS security//
[>img(150px,auto)[iCSA/L28BH.jpg]]^^Article publié le 8 février 2021 sur le blog de la CSA et le 27 janvier 2021 sur celui de la société Wandera
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/08/how-to-avoid-the-biggest-mistakes-with-your-saas-security/
* Site Wandera → https://www.wandera.com/how-to-avoid-the-biggest-mistakes-with-your-saas-security/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Benefits of the CCSK in Your Job Search//
[>img(150px,auto)[iCSA/L27BB.png]]^^Article publié le 8 février 2021 sur le blog de la CSA
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/07/benefits-of-the-ccsk-in-your-job-search/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//3 Data Strategies that will be Critical for Surviving 2021//
[>img(150px,auto)[iCSA/L25BT.jpg]]^^Article publié le 5 février 2021 sur le blog de la CSA
* Lien ⇒ https://cloudsecurityalliance.org/blog/2021/02/05/3-data-strategies-that-will-be-critical-for-surviving-2021/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Cloud Security Alliance Announces 2021 CSA Research Fellows//
[>img(150px,auto)[iCSF/cloud-security-alliance.png]]^^Communiqué de presse publié le 4 février 2021
* Lien → https://cloudsecurityalliance.org/press-releases/2021/02/04/cloud-security-alliance-announces-2021-csa-research-fellows/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Transitioning Traditional Apps into the Cloud//
[>img(150px,auto)[iCSA/L23BT.jpg]]^^Article publié le 3 février 2021 sur le blog de la CSA et sur le blog de la société Intezer
* Lien → https://cloudsecurityalliance.org/blog/2021/02/03/transitioning-traditional-apps-into-the-cloud/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//2020 Hindsight and 2021 Foresight – Lessons Learned and Predictions for the Velocity of Business//
[>img(150px,auto)[iCSA/L21B2.jpg]]^^Article publié le 1er février 2021 sur le blog de la CSA, et sur le site de CloudVector
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/01/2020-hindsight-and-2021-foresight-lessons-learned-and-predictions-for-the-velocity-of-business/
* Site CloudVector ⇒ https://www.cloudvector.com/2020-hindsight-and-2021-foresight-lessons-learned-and-predictions-for-the-velocity-of-business/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

|>|<<tiddler [[2021.02.28 - Weekly Newsletter Hebdomadaire #105]]>> |
|>|<<tiddler [[2021.02.28 - Veille Hebdomadaire - 28 février]]>>|
!Newsletter Hebdomadaire / Weekly Newsletter • 22 au 28 février 2021 / February 22th to 28th, 2021
!!1 -  Informations CSA / CSA News and Updates

* Actu / News: Bilan / Status ''[[SolarWinds/SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Formation / Training[img[iCSF/flag_fr.png]]: session CCSK en mars / Online CCSK training in March+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
+++*[»]> <<tiddler [[]]>>=== 
!!2 - Veille / News Watch ([[50+ liens / 50+ links|2021.02.28 - Veille Hebdomadaire - 02 février]])

* __À lire / Must Read__
** '' ''
2021.02.25 - Publication : 'Confidence in Post Quantum Algorithms'

* __Rapports / Reports__
** '' ''

* __Cloud Services Providers__
** AWS
** Azure
** GCP
** Kubernetes
** Docker & Containers

* __Autres Veilles / Other News Watch__
** TL;DR Security # • The Cloud Security Reading List #

* __Podcasts__
** '' ''

* __Marché / Market__
** '' ''

* __Acquisitions__
** '' ''

* __Divers / Miscellaneous__
** '' ''

!!3 - Agenda
<<tiddler AgendaFR+EN>>
!!4 - Lien direct / Direct Link
|!⇒ [[CloudSecurityAlliance.fr/go/L2L/|https://CloudSecurityAlliance.fr/go/L2L/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 28 février 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Février|!Sources|!Titres et Liens|
|>|>|>|!À lire / Must read |
|>|>|>||
|>|>|!Menaces / Threats |
|>|>|!Attaques / Attacks |
|2021.02.26|[[Kaiji Goes Through Update but Code Reuse Detects It|https://www.intezer.com/blog/cloud-security/kaiji-goes-through-update-but-code-reuse-detects-it/]]|
|>|>||
|>|>|!Bonnes Pratiques / Best Practices |
|>|>||
|>|>|!Rapports / Reports |
|2021.02.25|//Check Point Research//|[[Helping You Immunize Your Organization Against the Cyber Pandemic: Check Point Research’s 2021 Security Report|https://research.checkpoint.com/2021/helping-you-immunize-your-organization-against-the-cyber-pandemic-check-point-researchs-2021-security-report/]]|
|2021.02.25|//Check Point Research//| → [[2021 Security Report|https://pages.checkpoint.com/cyber-security-report-2021.html]]|
|2021.02.25|//Intezer//|[[Year of the Gopher: 2020 Go Malware Round-Up|https://www.intezer.com/blog/malware-analysis/year-of-the-gopher-2020-go-malware-round-up/]]|
|2021.02.25|//Radware//|[[Digital Threat Actors: Organized Criminals|https://blog.radware.com/security/2021/02/digital-threat-actors-organized-criminals/]]|
|>|>||
|>|>|!Cloud Services Providers |
|>|>|''AWS (Amazon)'' |
|2021.02.24|SANS Handlers Diary|![[Forensicating Azure VMs|https://isc.sans.edu/forums/diary/Forensicating+Azure+VMs/27136/]] |
|>|>|''Azure (Microsoft)'' |
|2021.02.25|SANS Handlers Diary|![[Forensicating Azure VMs|https://isc.sans.edu/forums/diary/Forensicating+Azure+VMs/27136/]] |
|>|>|''GCP (Google)'' |
|>|>|''Kubernetes'' |
|>|>|''Docker'' |
|>|>|''Containers'' |
|>|>||
|>|>|!Veilles hebdomadaires 'Cloud et Sécurité' / Weekly 'Cloud and Security' Watch |
|>|>||
|>|>|!Podcasts |
|>|>||
|>|>|!Réglementation / Regulatory |
|>|>||
|>|>|!Marché / Market |
|>|>||
|>|>|!Acquisitions |
|>|>||
|>|>|!Divers / Miscellaneous |
<<tiddler [[arOund0C]]>>
!"//Confidence in Post Quantum Algorithms//"
[>img(200px,auto)[iCSA/L2PPC.png]]Publication du 25 février 2021
<<<
//NIST made the recent announcement of its Round 3 candidates for future post-quantum cryptography or quantum safe standards. As the world prepares to transition to post-quantum cryptography, it is essential to understand how much analysis has been done on the security of the individual post quantum algorithms and classes of algorithms.

The focus of this note is on the cryptanalytic and mathematical research that adds to building meaningful confidence in the algorithm's security as evidenced in publications. This is not analysis about implementation, performance nor application to protocols.//
<<<
!!!Liens
* Annonce et téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/confidence-in-post-quantum-algorithms/
* Blog ⇒ https://cloudsecurityalliance.org/blog/2021/02/25/building-confidence-in-quantum-resistant-algorithms-how-much-analysis-is-needed/
* Téléchargement ⇒ https://cloudsecurityalliance.org/download/artifacts/confidence-in-post-quantum-algorithms/
/% |[[AWS Exposable Resources|https://github.com/SummitRoute/aws_exposable_resources]]|//Scott Piper//|Resource types that can be publicly exposed on AWS| |2021.02.21|Marco Lancini|[[Security Logging in Cloud Environments - AWS|https://www.marcolancini.it/2021/blog-security-logging-cloud-environments-aws/]]| |2021.02.24|InfoSecurity Mag|[[Legal Firm Leaks 15,000 Cases Via the Cloud|https://www.infosecurity-magazine.com/news/legal-firm-leaks-15000-cases-via/]]| |2021.02.24|//Google Cloud//|#248 [[Cloud Spanner Revisited with Dilraj Kaur and Christoph Bussler|https://www.gcppodcast.com/post/episode-248-cloud-spanner-revisited-with-dilraj-kaur-and-christoph-bussler/]] ([[podcast|https://eps-dot-gcppodcast.appspot.com/dl/Google.Cloud.Platform.Podcast.Episode.248.mp3]], [[transcript|]])| |2021.02.24|Security and Cloud 24/7|[[Modern cloud virtualization|https://security-24-7.com/modern-cloud-virtualization/]]| |2021.02.24|TL;DR Sec|[[#72 - Finding Access Control Bugs, Supply Chain Security, Security Logging in AWS|https://tldrsec.com/blog/tldr-sec-072/]]| |2020.05.27|//Google Cloud//|#222 [[Security Operations with Elliott Abraham and Jason Bisson|https://www.gcppodcast.com/post/episode-222-security-operations-with-elliott-abraham-and-jason-bisson/]] ([[podcast|https://eps-dot-gcppodcast.appspot.com/dl/Google.Cloud.Platform.Podcast.Episode.222.mp3]], [[transcript|https://www.gcppodcast.com/post/episode-222-security-operations-with-elliott-abraham-and-jason-bisson/]])| |2017.02.22|//Google Cloud//|#62 [[[Cloud Spanner with Deepti Srivastava|https://www.gcppodcast.com/post/episode-62-cloud-spanner-with-deepti-srivastava/]] ([[podcast|https://eps-dot-gcppodcast.appspot.com/dl/Google.Cloud.Platform.Podcast.Episode.62.mp3]], [[transcript|https://www.gcppodcast.com/post/episode-62-cloud-spanner-with-deepti-srivastava/]]) CLAM Framework|https://storage.googleapis.com/gcppodcast_files/CLAM%20Framework%20for%20Google%20Cloud.pdf https://cloud.google.com/logging/docs/view/logs-viewer-interface |2021.02.19|//Netskope//|[[Understanding Cloud as an Attack Vector|https://www.netskope.com/blog/understanding-cloud-as-an-attack-vector]]| |2021.02.24|//Netskope//|[[Netskope Research Finds Majority of Malware Now Delivered via Cloud Apps|https://www.prnewswire.com/news-releases/netskope-research-finds-majority-of-malware-now-delivered-via-cloud-apps-301234270.html]]| |2021.02.24|//Netskope//| → [[February 2021 Netskope Cloud and Threat Report| https://www.netskope.com/netskope-threat-labs/cloud-threat-report&a=%C2%A0Netskope+Cloud+and+Threat+Report |2021.02.24|Dark Reading|[[61% of Malware Delivered via Cloud Apps: Report|https://www.darkreading.com/operations/61--of-malware-delivered-via-cloud-apps-report/d/d-id/1340251]]| |2021.02.19|//AVAR//|[[Understanding Cloud as an Attack Vector|https://aavar.org/index.php/cloud-as-an-attack-vector/]]| |[[https://www.netskope.com/netskope-threat-labs |[[https://www.netskope.com/netskope-threat-labs/cloud-threat-report %/
|>|<<tiddler [[2021.02.21 - Weekly Newsletter Hebdomadaire #104]]>> |
|>|<<tiddler [[2021.02.21 - Veille Hebdomadaire - 21 février]]>>|
!Newsletter Hebdomadaire / Weekly Newsletter • 8 au 14 février 2021 / February 8th to 14th, 2021[>img(100px,auto)[iCSF/Work.gif]]
!!1 -  Informations CSA / CSA News and Updates

* Actu / News: Bilan / Status ''[[SolarWinds/SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Formation / Training[img[iCSF/flag_fr.png]]: session CCSK en mars / Online CCSK training in March+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
* Blog: 'Cloud Security for SaaS Startups'+++*[»]> <<tiddler [[2021.02.19 - Blog : 'Cloud Security for SaaS Startups']]>>=== 
* Inscription / Registration: 'CSA EMEA Summit 2021'+++*[»]> <<tiddler [[2021.02.15 - Annonce du 'CSA EMEA Summit 2021']]>>=== 
!!2 - Veille / News Watch ([[40+ liens / 40+ links|2021.02.21 - Veille Hebdomadaire - 21 février]])

* __À lire / Must Read__
** 'Help Shape ATT&CK for Containers' (MITRE Engenuity)
/%
* __Rapports / Reports__
** ' '

* __Cloud Services Providers__
** AWS
** Azure
** GCP
** Kubernetes
** Docker & Containers

* __Autres Veilles / Other News Watch__
** TL;DR Security # • The Cloud Security Reading List #

* __Podcasts__
** ' '

* __Marché / Market__
** ' '

* __Acquisitions__
** ' '

* __Divers / Miscellaneous__
** ' '
%/
!!3 - Agenda
<<tiddler AgendaFR+EN>>
!!4 - Lien direct / Direct Link
|!⇒ [[CloudSecurityAlliance.fr/go/L2L/|https://CloudSecurityAlliance.fr/go/L2L/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 21 février 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Février|!Sources|!Titres et Liens|
|>|>|>|!À lire / Must read |
|2021.02.18|MITRE Engenuity|![[Update: Help Shape ATT&CK for Containers|https://medium.com/mitre-engenuity/update-help-shape-att-ck-for-containers-bfcd24515df5]]|
|>|>|>||
|>|>|!Attaques / Attacks |
|2021.02.15|Bleeping Computer|[[Microsoft will alert Office 365 admins of Forms phishing attempts|https://www.bleepingcomputer.com/news/security/microsoft-will-alert-office-365-admins-of-forms-phishing-attempts/]]|
|2021.02.18|//Dark Trace//|![[Two-factor authentication (2FA) compromised: Microsoft account takeover|https://www.darktrace.com/en/blog/two-factor-authentication-2-fa-compromised-microsoft-account-takeover/]] |
|2021.02.17|BetaNews|[[SolarWinds-style email compromise attacks go mainstream|https://betanews.com/2021/02/17/solarwinds-email-compromise-attacks-mainstream/]]|
|2021.02.17|CSO Online|[[How to defend against OAuth-enabled cloud-based attacks|https://www.csoonline.com/article/3607348/how-to-defend-against-oauth-enabled-cloud-based-attacks.html#tk.rss_cloudsecurity]]|
|>|>|>||
|>|>|!Menaces / Threats |
|2021.02.15|Container Journal|[[As API Threats Multiply, Cybersecurity Lags|https://containerjournal.com/features/as-api-threats-multiply-cybersecurity-lags/]]|
|2021.02.16|//Avanan//|[[Slack and Teams Are The Next Big Vectors. Are You Protected?|https://www.avanan.com/blog/slack-and-teams-are-the-next-big-vectors.-are-you-protected]]|
|2021.02.19|DevOps.com|[[Cloud Misconfigurations Threaten Cloud Migration|https://www.csoonline.com/article/3607348/how-to-defend-against-oauth-enabled-cloud-based-attacks.html#tk.rss_cloudsecurity]]|
|2021.02.19|//Netskope//|[[Understanding Cloud as an Attack Vector|https://www.netskope.com/blog/understanding-cloud-as-an-attack-vector]]|
|>|>||
|>|>|!Bonnes Pratiques / Best Practices |
|2021.02.17|TechBeacon|[[How to make your cloud service cyber resilient|https://techbeacon.com/security/how-make-your-cloud-service-cyber-resilient]]|
|2021.02.17|SD Supra|[[Health Care Organizations and Cloud Service Providers Receive Guidance on Cloud Security Measures|https://www.lexology.com/library/detail.aspx?g=53fb1353-c1da-4a61-bd47-a43632bc2c87]]|
|>|>||
|>|>|!Rapports / Reports |
|>|>||
|>|>|!Cloud Services Providers |
|>|>|''AWS (Amazon)'' |
|2021.02.16|Scott Piper|![[AWS security project ideas|https://summitroute.com/blog/2021/02/16/aws_security_project_ideas/]] |
|2021.02.19|Infosec Write-Ups|[[From AWS S3 Misconfiguration to Sensitive Data Exposure|https://infosecwriteups.com/from-aws-s3-misconfiguration-to-sensitive-data-exposure-784f37a30bf9]]|
|2021.02.19|//Amazon AWS//|[[How to continuously audit and limit security groups with AWS Firewall Manager|https://aws.amazon.com/blogs/security/how-to-continuously-audit-and-limit-security-groups-with-aws-firewall-manager/]]|
|2021.02.18|//Amazon AWS//|[[AWS and EU data transfers: strengthened commitments to protect customer data|https://aws.amazon.com/blogs/security/aws-and-eu-data-transfers-strengthened-commitments-to-protect-customer-data/]]|
|2021.02.19|//Cloudonaut//|[[AWS Client VPN: Connected with the Cloud|https://cloudonaut.io/aws-client-vpn-connected-with-the-cloud/]]|
|>|>|''Azure (Microsoft)'' |
|2021.02.20|//Microsoft Azure//|[[Using KQL to Ingest External Data In Azure Sentinel|https://www.managedsentinel.com/2021/02/20/using-kql-to-ingest-external-data/]]|
|2021.02.16|//Microsoft Azure//|[[Azure Firewall Premium now in preview|https://azure.microsoft.com/blog/azure-firewall-premium-now-in-preview-2/]]|
|2021.02.16|Bleeping Computer| → [[Microsoft releases Azure Firewall Premium in public preview|https://www.bleepingcomputer.com/news/security/microsoft-releases-azure-firewall-premium-in-public-preview/]]|
|2021.02.19|Redmond Mag.|[[Microsoft Previewing Improvements to Azure Front Door and Azure Firewall|https://redmondmag.1105cms01.com/articles/2021/02/18/azure-front-door-and-azure-firewall.aspx]]|
|>|>|''GCP (Google)'' |
|2021.02.17|//Google Cloud//|[[New private cloud networking whitepaper for Google Cloud VMware Engine|https://cloud.google.com/blog/products/compute/a-new-google-cloud-vmware-engine-networking-whitepaper]]|
|2021.02.17|//Google Cloud//| → [[Private cloud networking for Google Cloud VMware Engine|https://services.google.com/fh/files/misc/ciso-guide-to-security-transformation.pdf]] (pdf)|
|2021.02.17|Silicon Angle|[[Google debuts Cloud Domains to help enterprises manage their domain names|https://siliconangle.com/2021/02/17/google-debuts-cloud-domains-help-enterprises-manage-domain-names/]]|
|2021.02.16|//Google Cloud//|![[New whitepaper: CISO’s guide to Cloud Security Transformation|https://cloud.google.com/blog/products/identity-security/cisos-guide-to-cloud-security-transformation]] ([[pdf|https://services.google.com/fh/files/misc/ciso-guide-to-security-transformation.pdf]]) |
|2021.02.16|//Google Cloud//|[[Discover and invoke services across clusters with GKE multi-cluster services|https://cloud.google.com/blog/products/containers-kubernetes/introducing-gke-multi-cluster-services]]|
|>|>|''Kubernetes'' |
|2021.02.20|kloudle|[[CVE-2020–15257 What is it and how does it impact your Docker and Kubernetes environments?|https://medium.com/kloudle/cve-2020-15257-what-is-it-and-how-does-it-impact-your-docker-and-kubernetes-environments-8d27975b9c63]]|
|2021.02.17|Daniel Neumann|[[Cloud Native Club – Kubernetes Policies|https://www.danielstechblog.io/cloud-native-club-kubernetes-policies/]]|
|>|>|''Docker'' |
|>|>|''Containers'' |
|>|>||
|>|>|!Veilles hebdomadaires 'Cloud et Sécurité' / Weekly 'Cloud and Security' Watch |
|2021.02.21|Marco Lancini|[[The Cloud Security Reading List #75|https://cloudseclist.com/issues/issue-75/]]|
|2021.02.17|//Netskope//|[[Cloud Threats Memo: Surprising Findings from Q4 2020 Phishing Trends Report|https://www.netskope.com/blog/cloud-threats-memo-surprising-findings-from-q4-2020-phishing-trends-report]]|
|2021.02.17|TL;DR Security|[[#71 - Securing CI/CD, Electron Security, Growing Your Userbase by Ignoring ‘Virality’|https://tldrsec.com/blog/tldr-sec-071/]]|
|>|>||
|>|>|!Podcasts |
|2021.02.21|Cloud Security Podcast|[[Kubernetes Security at Scale in A CI/CD Pipeline - Michael Fraser|https://anchor.fm/cloudsecuritypodcast/episodes/Kubernetes-Security-at-Scale-in-A-CICD-Pipeline---Michael-Fraser-eqn73p]]|
|>|>||
|>|>|!Réglementation / Regulatory |
|>|>||
|>|>|!Marché / Market |
|>|>||
|>|>|!Acquisitions |
|2021.02.18|//Crowdstrike//|[[CrowdStrike Redefines True XDR With Humio Acquisition|https://www.crowdstrike.com/blog/taking-our-falcon-xdr-platform-further/]]|
|2021.02.18|//Crowdstrike//| → [[CrowdStrike To Acquire Humio|https://www.crowdstrike.com/press-releases/crowdstrike-to-acquire-humio/]]|
|2021.02.18|MSSP Alert| → [[CrowdStrike Acquires XDR, Cloud Log Management Company Humio|https://www.msspalert.com/investments/crowdstrike-acquires-humio/]]|
|2021.02.19|SiliconAngle|[[SailPoint acquires Intello to increase visibility into SaaS apps|https://siliconangle.com/2021/02/18/sailpoint-acquires-intello-increase-visibility-saas-apps/]]|
|>|>||
|>|>|!Autres / Others |
|>|>|''Chiffrement / Encryption'' |
|2021.02.18|Help Net Security|[[Homomorphic encryption: Myths and misconceptions|https://www.helpnetsecurity.com/2021/02/18/homomorphic-encryption-myths-misconceptions/]]|
|>|>|''Détection / Detection'' |
|2021.02.19|//Logrhythm//|[[Threat Detection in the Public Cloud: Cloud Security Solutions|https://logrhythm.com/blog/threat-detection-in-the-public-cloud-cloud-security-solutions/]]|
|>|>|''DevSecOps'' |
|2021.02.18|//DevSecOps//|[[This Old DevOps Toolchain: DevSecOps Edition|http://feedproxy.google.com/~r/PaloAltoNetworks/~3/q_RLFD1lFe0/]]|
|>|>|''Divers / Miscellaneous'' |
|2021.02.17|//Virtus Lab//|[[Migrating a gigantic financial system to 20,000 pods in the cloud|https://medium.com/virtuslab/migrating-a-gigantic-financial-system-to-20-000-pods-in-the-cloud-220d5fcfcbc0]]|
|2021.02.18|//Tenable//|[[Cloud Security: Why You Shouldn’t Ignore Ephemeral Assets|https://www.tenable.com/blog/cloud-security-why-you-shouldn-t-ignore-ephemeral-assets]]|
|2021.02.18|DZone|[[The Theory and Motive Behind Active/Active Multi-Region Architectures|https://dzone.com/articles/the-theory-and-motive-behind-activeactive-multi-re]]|
|2021.02.18|//DivvyCloud//|[[2021 Cloud Security Executive Summit Preview|https://divvycloud.com/blog-2021-cloud-security-executive-summit-preview/]]|
|2021.02.19|//Rapid7//|[[Take the Full-Stack Approach to Securing Your Modern Attack Surface|https://blog.rapid7.com/2021/02/19/take-the-full-stack-approach-to-securing-your-modern-attack-surface/]]|
|2021.02.19|//Palo Alto Networks//|[[The Cloud Shift Is Now: Boost Your Enterprise Security Portfolio|https://blog.paloaltonetworks.com/2021/02/cloud-shift/]]|
<<tiddler [[arOund0C]]>>
!//Cloud Security for SaaS Startups Part 1: Requirements for Early Stages of a Startup//
Article basé sur le document "Cloud Security for Startups guidelines" rédigé par le Chapitre israëlien de la CSA.
<<<
[>img(250px,auto)[iCSA/L2JBC.jpg]]//Background Information security is a complicated subject even for mature enterprises, so it’s no wonder that startups find the area challenging. Planning, implementing and maintaining good-practice security are not only necessary, but can also serve as an important advantage that can be leveraged as a marketing differentiator.
A common challenge for Software-as-a-Service (SaaS) Startups is gaining and maintaining customers’ trust. To help address this challenge, the CSA Israel Chapter created guidelines to help SaaS organizations meet the most important security and privacy requirements presented by customers considering new services and products.
In this blog we provide a preview of the information and guidelines available in the full Cloud Security for Startups paper. In part one of this series we will cover:
* Security requirements for early stages of a startup
* Why you should pay attention to security early in the game
* What to consider when choosing a cloud platform
Who should read this blog?
* Cloud-based startups who wish to understand their security roadmap.
* Founders, CTOs, product managers and architects.
!Security Requirements for Early Stages of a Startup
[>img(250px,auto)[iCSA/HBKPC.png]]Startups must plan their security posture according to the progress they make in funding and product development. To help startups evaluate necessary security requirements, we have outlined three phases of SaaS startups maturity:
* Phase 1: Inception. From idea to first customers. In the phase between idea and the first customer, budget generally is limited, so startups should focus on laying building blocks for future potential security needs.
* Phase 2: Prepare for Growth. When the startup has paying customers.
* Phase 3: Maturity. When a startup has gained a strong, positive reputation and enough customers to create profit, it is time to advance to a more mature security posture.
When examining which security controls should be implemented for each phase, there is a difference between market sectors and the type of data your startups collect. As a general rule, if startup characteristics match any of the following, the company should prepare to move faster through phases of maturity discussed above.
* If a startup’s target customers have become enterprises, the company can expect to be questioned about participation in the shared responsibility model, identity management and security policies.
* If the data a startup stores contains high volumes of PII or sensitive PII (e.g. health information or financial details).
* If a startup must comply with especially strict regulations and laws (e.g. HIPAA, GDPR, Privacy Act).
* If a startup’s target sectors include representatives from the industries of health, government, financial or homeland security, the startup must then expect industry-specific regulations and additional security needs regarding its location of services.
__Tip:__ The Cloud Security Alliance Cloud Controls Matrix (CCM) is an excellent tool for mapping the security requirements of various laws, regulations and standards, and for better understanding future challenges.
!Why Pay Attention to Security Early in the Game?
* Implementing security measures early on can help a startup gain customer trust and meet the compliance requirements that will come later.
* Some startup’s customers have internal IT security requirements that will need to be implemented by the startup.
* Inadequate attention to security risks early in the lifecycle of a startup may lead to “technical debt,” which may be too expensive to resolve later.
* Adequate attention to IT security needs—especially to the startup’s intellectual property (IP)—can significantly influence the startup’s valuation and reduce risk to investors
!Choosing a Cloud Platform
There are many parameters to consider when choosing an IaaS/PaaS provider. Many of these parameters are not directly related to cloud security, but the following are directly implicated.
* Service location. When targeting enterprises from a specific geographic jurisdiction, it is recommended to keep customers’ data in the same geographic location. Doing so can relieve compliance efforts and create a competitive advantage.
* Regulations. SaaS startups should strive to work with service providers who adhere to the same regulation regime and standards as their designated market.
* Ecosystem. A SaaS startups usually strives to consume external software and services in order to reduce development hours. A large ecosystem of knowledge, tools and third-party software is an advantage for cloud providers.
__Tips__
* When targeting enterprises in the US, EU and/or APAC, consider deploying data storage into all of these regions to meet compliance.
* IaaS will provide better flexibility and control than PaaS, if you own your server’s configuration. However, choosing a PaaS provider also establishes a responsibility to secure those servers.
Interested in learning more? Download the ''Cloud Security for Startups guidelines'' to learn more recommendations for improving security as a SaaS company.
!Acknowledgments
The content for this blog was created by the Israeli chapter of the Cloud Security Alliance (CSA). The Israeli chapter of the Cloud Security Alliance was founded by security professionals united in a desire to promote responsible cloud adoption in the Israeli market and and deliver useful knowledge and global best practices to the Israeli innovation scene.
Creators : Moshe Ferber, Shahar Geiger Maor, Yael Nishry, Contributors, Marius Aharonovich, Ron Peled, Yuval Reut, Ofer Smadari, Omer Taran//
<<<
!!!Liens
* Blog ⇒ https://cloudsecurityalliance.org/blog/2021/02/19/cloud-security-for-saas-startups-part-1-requirements-for-early-stages-of-a-startup/
* Publication ⇒ https://cloudsecurityalliance.org/artifacts/cloud-security-for-startups/
Le ''CSA EMEA Summit'' aura lieu les ''13 et 14 avril 2021'' en mode distanciel. [>img(400px,auto)[iCSA/K4DWE.png]]

__''Programme''__
|>|!Mardi 13 avril 2021||>|!Mercredi 14 avril 2021|
| 9:15|Introduction|!| 9:15|Introduction|
| 9:30|Marnix Dekker, ENISA|~| 9:30|à préciser|
|10:00|CSA Research: Enterprise Architecture|~|10:00|CSA Research: SDP & Zero Trust|
|10:30|Keynote, Palo Alto Networks|~|10:30|Nicolas Casimir, Zscaler|
|11:00|Mario Maawad, La Caixa Bank|~|11:00|à préciser|
|12:00|à préciser|~|12:00|à préciser|
|12:30|Pause|~|12:30|Pause|
|13:30|Table ronde : 
Cloud Controls Matrix (CCM) for SMEs|!|13:30|International Data Transfer Panel| |14:30|à préciser|~|14:30|What should the auditor know about Cloud Computing?| |15:00|Edward Amoroso, Tag Cyber LLC|~|15:00|à préciser| Pour le programme en cours de rédaction et s'inscrire : * Lien ⇒ https://web.cvent.com/event/d94328da-1ae2-4079-8bd7-c4230289805b/summary
!//Cloud Incident Response Working Group Charter//
<<<
[>img(150px,auto)[iCSA/K4LPC.png]]//In today’s connected era, a comprehensive incident response strategy is an integral aspect of any organization aiming to manage and lower their risk profile. Many organizations without a solid incident response plan have been rudely awakened after their first cloud incident encounter. Significant downtime can happen due to numerous reasons, such as a natural disaster, human error, or cyber attacks. A good incident response plan helps to ensure that your organization is well-prepared at all times. There are, however, different considerations when it comes to incident response strategies for cloud-based infrastructure and systems, due in part to the nature of its shared responsibility.

''How is incident response different in the cloud?''
Migrating systems to the cloud is not a lift-and-shift process – which also applies to the incident response process. Cloud is a different realm altogether, and expectedly, cloud incident response is too. The three key aspects that set cloud incident response apart from traditional incident response processes are governance, visibility, and the shared responsibility of the cloud.

''CSA is creating a holistic Cloud Incident Response Framework.''
With the abundance of Cloud Incident Response (CIR) standards, frameworks and guidelines available in the industry, CSA aims to provide a holistic and consistent view across widely used frameworks for the user. The aim is to serve as a go-to guide for cloud users to effectively prepare for and manage the aftermath of cloud incidents, along with serving as a transparent and common framework for CSPs to share cloud incident response practices with their customers.//
<<<
La dernière publication de ce groups de travail est détaillée [[ici|2020.04.21 - Publication : Cadre de réponse aux incidents dans le Cloud]]
!!!Liens
* Annonce et téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/cloud-incident-response-working-group-charter/
** Téléchargement direct ⇒ https://cloudsecurityalliance.org/download/artifacts/cloud-incident-response-working-group-charter/
* le groupe de travail 'Cloud Incident Response' ⇒ https://cloudsecurityalliance.org/research/working-groups/cloud-incident-response/
* Publication initiale ⇒ https://cloudsecurityalliance.org/artifacts/cloud-incident-response-framework-a-quick-guide/
** Téléchargement direct ⇒ https://cloudsecurityalliance.org/downloads/artifacts/cloud-incident-response-framework-a-quick-guide/
<<tiddler [[arOund0C]]>>
|>|<<tiddler [[2021.02.14 - Weekly Newsletter Hebdomadaire #103]]>> |
|>|<<tiddler [[2021.02.14 - Veille Hebdomadaire - 14 février]]>>|
!Newsletter Hebdomadaire / Weekly Newsletter • 8 au 14 février 2021 / February 8th to 14th, 2021
!!1 -  Informations CSA / CSA News and Updates

* Actu / News: Bilan / Status ''[[SolarWinds/SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Formation / Training[img[iCSF/flag_fr.png]]: session CCSK en mars / Online CCSK training in March+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
* Publication : Aider à améliorer la présentation / Help improve the presentation+++*[»]> <<tiddler [[2021.02.12 - Site Web CSA : aidez à en améliorer la présentation des publications]]>>=== 
!!2 - Veille / News Watch ([[60+ liens / 60+ links|2021.02.14 - Veille Hebdomadaire - 14 février]])

* __À lire / Must Read__
** 'AzureAD & Microsoft 365 KillChain'

* __Rapports / Reports__
** Ransomware Report 2021' (//Risk Sense//) • '2021 Cloud Data Security Report - Government' (//Netwrix//)

* __Cloud Services Providers__
** AWS
*** 'Cloud Security Monitoring on AWS' (SANS)
*** 'Case of the doppelgänger AWS account' (//One Cloud Please//)
*** 'Amazon AWS security: resilience, zero trust, intrusion kill chain prevention, and risk assessment'
** Azure
*** 'Enhancing Security Through Collaboration on Azure Cloud' (Center for Internet Security)
*** 'Behind the scenes: Building Azure integrations for ASC alerts' (//Expel//)
*** 'Mapping between Azure Security Benchmark & CIS Microsoft Azure Foundations Benchmark available now!' (//Microsoft//)
*** 'Microsoft to alert Office 365 users of nation-state hacking activity'
** GCP
*** '6 best practices for effective Cloud NAT monitoring' (//Google//)
*** 'Google Drive Trash: Deleting, Recovering and Everything in Between' (//Spanning//)
** Kubernetes
*** 'Addressing Kubernetes Data Protection Challenges'
*** 'The Kubernetes API Server: Exploring its security impact and how to lock it down' (//Alien Vault//)
** Docker & Containers
*** 'Container security: Privilege escalation bug patched in Docker Engine'
*** 'Threat Actors Now Target Docker via Container Escape Features' (//Trendmicro//)
*** 'Docker image history modification - why you can't trust "docker history"'

* __Autres Veilles / Other News Watch__
** TL;DR Security #70 • The Cloud Security Reading List #74

* __Podcasts__
** 'Container Security in AWS at Scale' (Cloud Security Podcast)

* __Marché / Market__
** Cloud Security Considerations to Watch Out for During Mergers and Acquisitions

* __Acquisitions__
** //BackHub// par/by //Rewind//

* __Divers / Miscellaneous__
** 'Why multi-Cloud is all but vain' (Christophe Parisel)
** 'Where Is Cloud Native Security Going in the Long Run?' • 'How to Build an Effective Cloud Threat Intelligence Program in the AWS Cloud' (//Crowdstrike//)

!!3 - Agenda
<<tiddler AgendaFR+EN>>
!!4 - Lien direct / Direct Link
|!⇒ [[CloudSecurityAlliance.fr/go/L2E/|https://CloudSecurityAlliance.fr/go/L2E/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 14 février 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Février|!Sources|!Titres et Liens|
|>|>|>|!À lire / Must read |
|2021.02.08|Office 365 blog|![[AAD & M365 kill chain|https://o365blog.com/aadkillchain/]] (mise à jour) |
|>|>|>||
|>|>|!Menaces / Threats |
|2021.02.10|//Netskope//|[[Cloud Threats Memo: What You Need to Know About RDP Attacks On the Rise|https://www.netskope.com/blog/cloud-threats-memo-what-you-need-to-know-about-rdp-attacks-on-the-rise]]|
|>|>||
|>|>|!Bonnes Pratiques / Best Practices |
|2021.02.12|Hack Read|[[How cloud data distracts businesses from correct data security practices|https://www.hackread.com/cloud-data-distracts-businesses-data-security-practices/]]|
|2021.02.12|//CipherCloud//|[[SolarWinds Learnings – Best Practices for Securing Collaboration across Office 365 and Connected Cloud Apps|https://www.ciphercloud.com/solarwinds-learnings-best-practices-for-securing-collaboration-across-office-365-and-connected-cloud-apps/]]|
|2021.02.11|//Security Intelligence//|[[5 Ways to Overcome Cloud Security Challenges|https://securityintelligence.com/articles/5-ways-overcome-cloud-security-challenges/]]|
|>|>||
|>|>|!Rapports / Reports |
|2021.02.11|//Risk Sense//|[[Ransomware Report 2021|https://risksense.com/ransomware-report-2021/]]|
|2021.02.11|Dark Reading| → [[Ransomware Attackers Set Their Sights on SaaS|https://www.darkreading.com/attacks-breaches/ransomware-attackers-set-their-sights-on-saas/d/d-id/1340147]]|
|>|>||
|2021.02.02|//Netwrix//|[[2021 Cloud Data Security Report - Government|https://www.netwrix.com/download/documents/2021_Netwrix_CDSR_Government.pdf]] (pdf)|
|2021.02.09|Beta News| → [[One in four government organizations suffers accidental cloud leakage|https://www.trendmicro.com/en_us/research/21/b/threat-actors-now-target-docker-via-container-escape-features.html]]|
|>|>||
|>|>|!Cloud Services Providers |
|>|>|''AWS (Amazon)'' |
|2021.02.08|SANS|![[Cloud Security Monitoring on AWS|https://www.sans.org/reading-room/whitepapers/cloud/paper/40120]] ([[pdf|https://www.sans.org/reading-room/whitepapers/cloud/cloud-security-monitoring-aws-40120]]) |
|2021.02.11|Thomas maurer|[[How to check the available VM Sizes (SKUs) by Azure Region|https://www.thomasmaurer.ch/2021/02/how-to-check-the-available-vm-sizes-skus-by-azure-region/]]|
|2021.02.10|Last Week in AWS|[[What the Hell Is Amazon Web Services?|https://www.lastweekinaws.com/blog/what-the-hell-is-amazon-web-services/]]|
|2021.02.08|//One Cloud Please//|![[Case of the doppelgänger AWS account|https://onecloudplease.com/blog/case-of-the-doppleganger-aws-account]] |
|2021.02.08|The CyberWire|![[Amazon AWS security: resilience, zero trust, intrusion kill chain prevention, and risk assessment|https://thecyberwire.com/stories/f6235891635c408bbba2d3c427532f72/amazon-aws-security-resilience-zero-trust-intrusion-kill-chain-prevention-and-risk-assessment]] |
|2021.02.12|//Amazon AWS//|[[AWS WAF adds support for JSON parsing and inspection|https://aws.amazon.com/about-aws/whats-new/2021/02/aws-waf-support-json-body-inspection/]]|
|2021.02.08|//Amazon AWS//|[[Use new account assignment APIs for AWS SSO to automate multi-account access|https://aws.amazon.com/blogs/security/use-new-account-assignment-apis-for-aws-sso-to-automate-multi-account-access/]]|
|2021.02.09|//Amazon AWS//|[[New digital curriculum: Managing Amazon S3|https://aws.amazon.com/about-aws/whats-new/2021/02/new-digital-curriculum-managing-amazon-s3/]]|
|2021.02.12|//Amazon AWS//|[[Use tags to manage and secure access to additional types of IAM resources|https://aws.amazon.com/blogs/security/use-tags-to-manage-and-secure-access-to-additional-types-of-iam-resources/]]|
|2021.02.12|//Amazon AWS//|[[Introducing OIDC identity provider authentication for Amazon EKS|https://aws.amazon.com/blogs/containers/introducing-oidc-identity-provider-authentication-amazon-eks/]]|
|2021.02.08|//Fugue//|[[Locking Down the Security of AWS IAM|https://www.fugue.co/blog/locking-down-the-security-of-aws-iam]]|
|2021.02.08|//Tripwire//|[[Amazon Addresses Best Practice Secrets Management with AWS Secrets Manager|https://www.tripwire.com/state-of-security/security-data-protection/cloud/amazon-addresses-best-practice-secrets-management-aws-secrets-manager/]]|
|2021.02.11|//Secure Cloud Blog//|[[Azure API Management – Call Azure Functions with Managed Identity|https://securecloud.blog/2021/02/11/azure-api-management-call-azure-functions-with-managed-identity/]]|
|2021.02.11|//Streampipe//|[[Normalizing AWS IAM Policies for Automation|https://steampipe.io/blog/normalizing-aws-iam-policies-for-automated-analysis]]|
|>|>|''Azure (Microsoft)'' |
|2021.02.05|Center for Internet Security|[[Enhancing Security Through Collaboration on Azure Cloud|https://www.cisecurity.org/blog/enhancing-security-through-collaboration-on-azure-cloud/]]|
|2021.02.09|//Expel//|![[Behind the scenes: Building Azure integrations for ASC alerts|https://expel.io/blog/building-azure-integrations-asc-alerts/]] |
|2021.02.09|//Microsoft Azure//|[[Azure Defender for App Service introduces dangling DNS protection|https://azure.microsoft.com/blog/azure-defender-for-app-service-introduces-dangling-dns-protection/]]|
|2021.02.08|//Microsoft Azure//|[[Why threat protection is critical to your Zero Trust security strategy|https://www.microsoft.com/security/blog/2021/02/08/why-threat-protection-is-critical-to-your-zero-trust-security-strategy/]]|
|2021.02.10|//Microsoft Azure//|[[Back up Linux virtual machines running mission-critical workloads|https://azure.microsoft.com/blog/back-up-linux-virtual-machines-running-mission-critical-workloads/]]|
|2021.02.11|//Microsoft Azure//|[[Categorizing Microsoft alerts across data sources in Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/categorizing-microsoft-alerts-across-data-sources-in-azure/ba-p/1503367]]|
|~|~|[[CIS Microsoft Azure Foundations Benchmark v1.3.0|https://www.cisecurity.org/benchmark/azure]]|
|2021.02.05|//Microsoft//| → [[Mapping between Azure Security Benchmark & CIS Microsoft Azure Foundations Benchmark available now!|https://techcommunity.microsoft.com/t5/azure-security-center/mapping-between-azure-security-benchmark-amp-cis-microsoft-azure/ba-p/2114301]]|
|2021.02.10|Stanislas Quastana|[[Azure Defender for Storage - A la source d'Azure Security Center - partie 2|https://www.youtube.com/watch?v=ZwDlogyIMVk]] (vidéo)|
|2021.02.09|Sami Lamppu|[[Monitor Elevate Access Activity in Azure with Azure Sentinel|https://samilamppu.com/2021/02/09/monitor-elevate-access-activity-in-azure-with-azure-sentinel/]]|
|2021.02.08|//Managed Sentinel//|[[Azure Security Center Design|https://www.managedsentinel.com/2021/02/08/azure-security-center-design/]] ([[diagramme|https://managedsentinel.com/downloads/azure_security_center_design_v2.pdf]])|
|2021.02.09|Bleeping Computer|[[Office 365 will help admins find impersonation attack targets|https://www.bleepingcomputer.com/news/security/office-365-will-help-admins-find-impersonation-attack-targets/]]|
|2021.02.08|Bleeping Computer|[[Microsoft to alert Office 365 users of nation-state hacking activity|https://www.bleepingcomputer.com/news/security/microsoft-to-alert-office-365-users-of-nation-state-hacking-activity/]]|
|2021.02.08|Dark Reading|![[Hidden Dangers of Microsoft 365's Power Automate and eDiscovery Tools|https://www.darkreading.com/application-security/hidden-dangers-of-microsoft-365s-power-automate-and-ediscovery-tools-/a/d-id/1340014]] |
|>|>|''GCP (Google)'' |
|2021.02.08|//Google Cloud//|![[6 best practices for effective Cloud NAT monitoring|https://cloud.google.com/blog/products/networking/6-best-practices-for-running-cloud-nat/]] |
|2021.02.09|//Google Cloud//|[[Don't fear the authentication: Google Drive edition|https://cloud.google.com/blog/topics/developers-practitioners/dont-fear-authentication-google-drive-edition]]|
|2021.02.09|//Spanning//|[[Google Drive Trash: Deleting, Recovering and Everything in Between|https://spanning.com/blog/google-drive-trash-deleting-recovering-everything-between/]]|
|~|YouTube| → [[How To Empty Google Drive Trash|https://www.youtube.com/watch?v=yiuAgJSJ1CA]], [[Recover Deleted Files|https://www.youtube.com/watch?v=9NkckqZ1vD4]])|
|2021.02.11|//Caylent//|[[What Is Google Anthos?|https://caylent.com/what-is-google-anthos]]|
|2021.02.10|//Google Cloud//|[[What you can learn in our Q1 2021 Google Cloud Security Talks|https://cloud.google.com/blog/products/identity-security/google-cloud-security-talks-q1-2021]]|
|>|>|''Kubernetes'' |
|2021.02.08|Container Journal|[[Addressing Kubernetes Data Protection Challenges|https://containerjournal.com/topics/container-security/addressing-kubernetes-data-protection-challenges/]]|
|2021.02.09|//Sysdig//|[[Getting started with Kubernetes audit logs and Falco|https://sysdig.com/blog/kubernetes-audit-log-falco/]]|
|2021.02.10|//Sysdig//|[[Runtime security in Azure Kubernetes Service|https://sysdig.com/blog/runtime-security-in-azure-kubernetes-service/]]|
|2021.02.11|//Alien Vault//|![[The Kubernetes API Server: Exploring its security impact and how to lock it down|https://feeds.feedblitz.com/~/643985864/0/alienvault-blogs~The-Kubernetes-API-Server-Exploring-its-security-impact-and-how-to-lock-it-down]] |
|2021.02.11|DZone|[[RBAC Controls: The Key to Hardening a Kubernetes Cluster|https://dzone.com/articles/rbac-controls-the-key-to-hardening-a-kubernetes-cl]]|
|>|>|''Docker'' |
|2021.02.14|Justin Steven|[[Docker image history modification - why you can't trust 'docker history'|https://www.justinsteven.com/posts/2021/02/14/docker-image-history-modification/]]|
|2021.02.12|//Cyware//|[[Misconfigured Docker Containers Could Land You in Trouble|https://cyware.com/news/misconfigured-docker-containers-could-land-you-in-trouble-9d992bb7/]]|
|2021.02.12|The Daily Swig|[[Container security: Privilege escalation bug patched in Docker Engine|https://portswigger.net/daily-swig/container-security-privilege-escalation-bug-patched-in-docker-engine]]|
|>|>|''Containers'' |
|2021.02.12|//Crowdstrike//|[[Container Security with CrowdStrike|https://www.crowdstrike.com/blog/tech-center/container-security/]] ([[YouTube|https://www.youtube.com/watch?list=PLtojL19AteZv3oYq8_jD_0J5vNvxdGDDs]])|
|2021.02.09|//Trendmicro//|[[Threat Actors Now Target Docker via Container Escape Features|https://www.trendmicro.com/en_us/research/21/b/threat-actors-now-target-docker-via-container-escape-features.html]]|
|2021.02.11|Container Journal| → [[Trend Micro Details Attack Against Containers|https://containerjournal.com/features/trend-micro-details-attack-against-containers/]]|
|2021.02.11|//Crowdstrike//|[[So You Think Your Containers Are Secure? Four Steps to Ensure a Secure Container Deployment|https://www.crowdstrike.com/blog/four-steps-to-ensure-a-secure-containter-deployment/]]|
|>|>||
|>|>|!Veilles hebdomadaires 'Cloud et Sécurité' / Weekly 'Cloud and Security' Watch |
|2021.02.08|Hackmageddon|[[16-31 January 2021 Cyber Attacks Timeline|https://www.hackmageddon.com/2021/02/08/16-31-january-2021-cyber-attacks-timeline/]]|
|2021.02.14|Marco Lancini|[[The Cloud Security Reading List #74|https://cloudseclist.com/issues/issue-74/]]|
|2021.02.10|TL;DR Security|[[#70 - Scaling Threat Modeling, Dependency Confusion, Automating Open Source Vulnerability Triage|https://tldrsec.com/blog/tldr-sec-070/]]|
|>|>||
|>|>|!Podcasts |
|2021.02.14|Cloud Security Podcast|[[Container Security in AWS at Scale - Ben Tomhave|https://anchor.fm/cloudsecuritypodcast/episodes/Container-Security-in-AWS-at-Scale---Ben-Tomhave-eqctd6]]|
|2021.02.11|Cyber Security Hub|[[Secure Cloud-First Enablement - TF7 Ep.169|https://www.cshub.com/executive-decisions/articles/secure-cloud-first-enablement]]|
|2021.02.10|SilverLining IL|[[Episode 34: PayPal Cloud Journey|https://silverlining-il.castos.com/episodes/episode-34-paypal-cloud-journey]]|
|>|>||
|>|>|!Réglementation / Regulatory |
|2021.02.10|Hunton|[[CIPL Submits Response to European Commission's Proposal for a Regulation on European Data Governance|https://www.huntonprivacyblog.com/2021/02/10/cipl-submits-response-to-european-commissions-proposal-for-a-regulation-on-european-data-governance/]]|
|>|>||
|>|>|!Marché / Market |
|2021.02.09|//Security Intelligence//|[[Cloud Security Considerations to Watch Out for During Mergers and Acquisitions|https://securityintelligence.com/posts/cloud-security-considerations-during-mergers-and-acquisitions/]]|
|>|>||
|>|>|!Acquisitions |
|2021.02.11|//Rewind//|[[Rewind Acquires BackHub and Expands Cloud Backup Portfolio Reach|https://rewind.com/blog/rewind-acquires-backhub-and-expands-cloud-backup-portfolio-reach/]]|
|>|>||
|>|>|!Divers / Miscellaneous |
|2021.02.14|Christophe Parisel|![[Why multi-Cloud is all but vain|https://www.linkedin.com/pulse/why-multi-cloud-all-vain-christophe-parisel/]] (2/2)|
|2021.02.12|Le Monde Informatique|[[Partie 1 : SASE : enfin une approche globale de la sécurité|https://www.lemondeinformatique.fr/les-dossiers/lire-sase-enfin-une-approche-globale-de-la-securite-1182.html]]|
|2021.02.12|Dark Reading|[[You've Got Cloud Security All Wrong: Managing Identity in a Cloud World|https://www.darkreading.com/cloud/youve-got-cloud-security-all-wrong-managing-identity-in-a-cloud-world/a/d-id/1340077]]|
|2021.02.12|//StackRox//|[[DevOps vs. DevSecOps - Here’s How They Fit Together|https://www.stackrox.com/post/2021/02/devops-vs-devsecops-heres-how-they-fit-together/]]|
|2021.02.12|//Crowdstrike//|[[How Identity Analyzer Improves Cloud Security|https://www.crowdstrike.com/blog/tech-center/identity-analyzer/]]|
|2021.02.11|//Security Intelligence//|[[5 Ways To Overcome Cloud Security Challenges|https://securityintelligence.com/articles/5-ways-overcome-cloud-security-challenges/]]|
|2021.02.11|//Exabeam//|[[Understanding Cloud DLP: Key Features and Best Practices|https://www.exabeam.com/dlp/cloud-dlp/]]|
|2021.02.11|//Aqua Security//|[[Cloud-Native Apps Make Software Supply Chain Security More Important Than Ever|https://www.darkreading.com/cloud-native-apps-make-software-supply-chain-security-more-important-than-ever/a/d-id/1340048]]|
|2021.02.10|The New Stack|[[Where Is Cloud Native Security Going in the Long Run?|https://thenewstack.io/where-is-cloud-native-security-going-in-the-long-run/]]|
|2021.02.10|//Tuffin//|[[CISA Makes Cloud Security Recommendations. How Tufin can Help|https://www.tufin.com/blog/cisa-cloud-security-recommendations]]|
|2021.02.10|//Security Intelligence//|[[Hiring Cloud Experts, Despite the Cybersecurity Skills Gap|https://securityintelligence.com/articles/how-to-hire-cloud-experts-despite-the-cybersecurity-skills-gap/]]|
|2021.02.09|//Crowdstrike//|Webcast [[How to Build an Effective Cloud Threat Intelligence Program in the AWS Cloud|https://www.sans.org/webcasts/build-effective-cloud-threat-intelligence-program-aws-cloud-117495]]|
|2021.02.08|//Shhgit//|[[Keep it secret. Keep it ... safe?|https://www.shhgit.com/blog/keep-it-secret-keep-it-safe/]]|
|2021.02.08|//HashiCorp//|[[Wait Conditions in the Kubernetes Provider for HashiCorp Terraform|https://www.hashicorp.com/blog/wait-conditions-in-the-kubernetes-provider-for-hashicorp-terraform]]|
<<tiddler [[arOund0C]]>>
!Une initiative pour fluidifier le site Web de la CSA
[>img(500px,auto)[iCSA/K2CAS.jpg]]Vous trouvez vous aussi que la présentation du site Web de la CSA pourrait être améliorée ? C'est le moment de donner votre avis !
La CSA lance un appel aux bonnes volontés avec la mise à disposition d'un outil graphique sur le site 'Proven By Users' permettant de trier des cartes.
Un certain nombre de cartes avc des sujets vous serons proposées. Vous devrez alors les regrouper en catégories qui vous sont le plus logiques.

Remarque : Si vous voulez conserver votre résultat, prenez une copie d'écran car une fois validé, il n'est pas possible de revenir en arrière.
Par ailleurs, il est conseillé de cliquer sur le bouton +++^*[Save for Later] [img[iCSF/K2CA1.jpg]] === afin de récupérer +++^*[l'adresse (temporaire)] [img[iCSF/K2CA2.jpg]] === de votre proposition.

Lien sur le site 'Proven By Users' → https://provenbyusers.com/cs.php?c=Ad2121714

PS. Et si vous avez aussi des idées d'amélioration pour le site du ''Chapitre Français'' de la CSA, faites nous le aussi savoir : [img(200px,auto)[iCSF/Email-CSA_FR.png]]<<tiddler [[arOund0C]]>>
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #102|2021.02.07 - Newsletter Hebdomadaire #102]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #102|2021.02.07 - Weekly Newsletter - #102]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2021.02.07 - Newsletter Hebdomadaire #102]]>> |<<tiddler [[2021.02.07 - Weekly Newsletter - #102]]>> |
|>|<<tiddler [[2021.02.07 - Veille Hebdomadaire - 07 février]]>>|
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 1er au 7 février 2021
!!1 - Informations CSA - 1er au 7 février 2021

* Actu[img[iCSF/flag_fr.png]]: ''[[Point de situation sur l'incident Solarwinds/SolarStorm|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Formation[img[iCSF/flag_fr.png]]: prochaine session CCSK en français en mars 2021+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
* Blog[img[iCSF/flag_fr.png]]: Diffusion publique du 'Panorama des référentiels Sécurité du Cloud' du CLUSIF+++^*[»] <<tiddler [[2021.02.03 - Publication CLUSIF : 'Sécurité du Cloud : Panorama des référentiels']]>>=== 
* Blog CSA : Agenda de la transition vers CCM v4+++^*[»] <<tiddler [[2021.02.04 - Blog : Agenda de la transition CCM v3 vers CCM v4]]>>=== et 'Evolution of Cloud Computing and the Updated Shared Responsibility'+++^*[»] <<tiddler [[2021.02.04 - Blog : 'Evolution of Cloud Computing and the Updated Shared Responsibility']]>>=== 
* Publication CSA : 'Blockchains in the Quantum Era'+++^*[»] <<tiddler [[2021.02.05 - Publication CSA 'Blockchains in the Quantum Era']]>>=== 
* Podcast CSA : 'CCM and STAR'+++^*[»] <<tiddler [[2021.02.01 - Podcast : 'A case study – CCM and STAR']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 50 liens|2021.02.07 - Veille Hebdomadaire - 07 février]])

* __Attaques, Fuites de données__
** Attaques : Hildegard: New TeamTNT Malware Targeting Kubernetes (//Palo Alto Networks//) • Increasing OAuth O365 Phishing
** Fuites de données : Leaky Buckets Cloud Misconfigurations (Hackmageddon) • Data Breaches and Cyber Attacks in January 2021

* __Réponse aux incidents, Chasse__
** Réponse aux incidents : Evolution of Cloud Forensics and Incident Response
** Chasse : 'Blob Hunter to scan Azure blob storage accounts'

* __Rapports, Publications__
** Rapports: 'State of API Security' //Salt Security// • '2021 Container Security Survey' (//NeuVector//)
** Publications : NIST SP 800-171 Rev. 2 and SP 800-172 on the Protection of Controlled Unclassified Information

* __Cloud Services Providers, Outils__
** Azure : Azure AD Attack and Defense Playbook (Sami Lamppu) • PCI 3DS certification • New Azure AD Connect Releases
** GCP : Limiting public IPs
** Kubernetes : DNS Lookups in K8s Workloads (//CodeBurst//)
** Outils : Cloudlist • OpenCSPM • KubeLinter • Running Prowler from AWS CloudShell

* __Veilles 'Cloud et Sécurité'__
** TL;DR Security #69 • The Cloud Security Reading List #73 • Azure Active Directory security, SaltStack vulnerabilities analysis (//XMCO//)

* __Marché, Acquisitions__
** Marché : Microsoft Security Products vs. Other Cloud Security Products (//Managed Sentinel//)
** Acquisitions : //Alcide// by //Rapid7//

* __Divers__
** 'Understanding Cloud Misconfigurations - With Pizza and Lego' (//TrendMicro//)
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L27/|https://CloudSecurityAlliance.fr/go/L27/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - February 1st to 7th, 2021
!!1 - CSA News and Updates - February 1st to 7th, 2021

* News[img[iCSF/flag_fr.png]]: ''[[Status of the SolarWinds/SolarStorm incident|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Training[img[iCSF/flag_fr.png]]: Online CCSK training in March+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
* Blog[img[iCSF/flag_fr.png]]: Availability of the 'Overview of the cloud Security Frameworks' document from CLUSIF+++^*[»] <<tiddler [[2021.02.03 - Publication CLUSIF : 'Sécurité du Cloud : Panorama des référentiels']]>>=== 
* CSA Blog : CCM v4 FAQ - Transition Timeline+++^*[»] <<tiddler [[2021.02.04 - Blog : Agenda de la transition CCM v3 vers CCM v4]]>>=== et 'Evolution of Cloud Computing and the Updated Shared Responsibility'+++^*[»] <<tiddler [[2021.02.04 - Blog : 'Evolution of Cloud Computing and the Updated Shared Responsibility']]>>=== 
* CSA Publication: 'Blockchains in the Quantum Era'+++^*[»] <<tiddler [[2021.02.05 - Publication CSA 'Blockchains in the Quantum Era']]>>=== 
* CSA Podcast: 'CCM and STAR'+++^*[»] <<tiddler [[2021.02.01 - Podcast : 'A case study – CCM and STAR']]>>=== 
!!2 - Cloud and Security News Watch ([[over 50 links|2021.02.07 - Veille Hebdomadaire - 07 février]])

* __Attacks, Leaks__
** Attacks: Hildegard: New TeamTNT Malware Targeting Kubernetes (//Palo Alto Networks//) • Increasing OAuth O365 Phishing
** Leaks: Leaky Buckets Cloud Misconfigurations (Hackmageddon) • Data Breaches and Cyber Attacks in January 2021

* __Incident Response, Hunting__
** Incident Response: Evolution of Cloud Forensics and Incident Response
** Hunting: Blob Hunter to scan Azure blob storage accounts

* __Reports, Surveys, Studies, Publications__
** Reports: 'State of API Security' //Salt Security// • '2021 Container Security Survey' (//NeuVector//)
** Publications: NIST SP 800-171 Rev. 2 and SP 800-172 on the Protection of Controlled Unclassified Information

* __Cloud Services Providers, Tools__
** Azure: Azure AD Attack and Defense Playbook (Sami Lamppu) • PCI 3DS certification • New Azure AD Connect Releases
** GCP: Limiting public IPs
** Kubernetes: DNS Lookups in K8s Workloads (//CodeBurst//)
** Tools: Cloudlist • OpenCSPM • KubeLinter • Running Prowler from AWS CloudShell

* __'Cloud and Security' Watch__
** Newsletters: TL;DR Security #69 • The Cloud Security Reading List #73 • Azure Active Directory security, SaltStack vulnerabilities analysis (//XMCO//)

* __Market, Acquisitions__
** Market: Microsoft Security Products vs. Other Cloud Security Products (//Managed Sentinel//)
** Acquisitions: //Alcide// by //Rapid7//

* __Miscellaneous__
** Understanding Cloud Misconfigurations - With Pizza and Lego (//TrendMicro//)
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L27/|https://CloudSecurityAlliance.fr/go/L27/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 1er au 7 février 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Février|!Sources|!Titres et Liens|
|>|>|!Attaques, Fuites de données / Attacks, Leaks |
|>|>|''Attaques / Attacks'' |
|2021.02.05|Bleeping Computer|[[Microsoft warns of increasing OAuth Office 365 phishing attacks|https://www.bleepingcomputer.com/news/security/microsoft-warns-of-increasing-oauth-office-365-phishing-attacks/]]|
|2021.02.03|//Palo Alto Networks//|![[Hildegard: New TeamTNT Malware Targeting Kubernetes|https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/]] |
|2021.02.04|Security Week|[[New 'Hildegard' Malware Targets Kubernetes Systems|https://www.securityweek.com/new-hildegard-malware-targets-kubernetes-systems]]|
|2021.02.04|//Threatpost//|[[Microsoft Office 365 Attacks Sparked from Google Firebase|https://threatpost.com/microsoft-office-365-attacks-google-firebase/163666/]]|
|>|>|''Fuites de données / Leaks'' |
|2021.02.01|Hackmageddon|![[Leaky Buckets: a List of Cloud Misconfigurations|https://www.hackmageddon.com/2021/02/01/leaky-buckets-a-list-of-cloud-misconfigurations/]] |
|2021.02.01|Bleeping Computer|[[European volleyball org's Azure bucket exposed reporter passports|https://www.bleepingcomputer.com/news/security/european-volleyball-orgs-azure-bucket-exposed-reporter-passports/]]|
|2021.02.01|IT Governance|![[List of data breaches and cyber attacks in January 2021 – 878 million records breached|https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-january-2021]] ([[vidéo|https://www.youtube.com/watch?v=Ry-unoAaZRY]])|
|>|>||
|>|>|!Menaces / Threats |
|2021.02.02|//Security Trails//|[[Cloud Security Threats and How to Mitigate Them|https://securitytrails.com/blog/cloud-security-threats]]|
|>|>||
|>|>|!Réponse aux Incidents, Chasse / Incident Response, Hunting |
|>|>|''Réponse / Response'' |
|2021.02.03|//Infocyte//|[[Responding to Microsoft 365 Attacks|https://www.infocyte.com/blog/2021/02/03/responding-to-microsoft-365-attacks/]]|
|2021.02.01|//Optiv//|![[The Evolution of Cloud Forensics and Incident Response|https://www.optiv.com/explore-optiv-insights/source-zero/evolution-cloud-forensics-and-incident-response]]|
|>|>|''Chasse / Hunting'' |
|2021.02.03|//CyberArk//|![[Hunting Azure Blobs Exposes Millions of Sensitive Files|https://www.cyberark.com/resources/threat-research-blog/hunting-azure-blobs-exposes-millions-of-sensitive-files]] |
|~|~|[[Blob Hunter: A tool for scanning Azure blob storage accounts for publicly opened blobs|https://github.com/cyberark/blobhunter]]|
|2021.02.03|Help Net Security| → [[Open-source tool BlobHunter helps pinpoint public Azure blobs that might contain sensitive files|https://www.helpnetsecurity.com/2021/02/08/open-source-tool-blobhunter-public-azure-blobs/]]|
|>|>||
|>|>|!Rapports, Publications / Reports, Publications |
|>|>|''Rapports / Reports'' |
|2021.01.03|//Radware//|[[The 2020 App Threats Landscape in Review|https://blog.radware.com/security/applicationsecurity/2021/02/the-2020-app-threats-landscape-in-review/]]|
|2021.01.03|//Salt Security//|[[State of API Security|https://content.salt.security/state-of-api.html]]|
|2021.02.03|Dark Reading| → [[Concerns Over API Security Grow as Attacks Increase|https://www.darkreading.com/application-security/concerns-over-api-security-grow-as-attacks-increase/d/d-id/1340054]]|
|2021.02.03|Help Net Security| → [[API security concerns hindering new application rollouts|https://www.helpnetsecurity.com/2021/02/04/api-security-concerns-hindering-new-application-rollouts/]]|
|2021.02.03|//NeuVector//|[[2021 Container Security Survey|https://neuvector.com/slider-ebooks-guides/2021-container-security-survey/]]|
|2021.02.03|Help Net Security|[[Container security is a priority, but who’s responsibility is it?|https://www.helpnetsecurity.com/2021/02/03/container-security-responsibility/]]|
|>|>|''Publications'' |
|2021.02.03|NIST|![[NIST Offers Tools to Help Defend Against State-Sponsored Hackers|https://www.nist.gov/news-events/news/2021/02/nist-offers-tools-help-defend-against-state-sponsored-hackers]] |
|2021.02.03|NIST| → [[SP 800-171 Rev. 2: Protecting Controlled Unclassified Information in Nonfederal and Organizations|https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final]] ([[pdf|https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r2.pdf]])|
|2021.02.03|NIST| → [[SP 800-172: Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171|https://csrc.nist.gov/publications/detail/sp/800-172/final]] ([[pdf|https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-172.pdf]])|
|>|>||
|>|>|!Cloud Services Providers, Outils / CSPs, Tools |
|>|>|''AWS (Amazon)'' |
|2021.02.02|//Amazon AWS//|[[AWS PrivateLink for Amazon S3 is Now Generally Available|https://aws.amazon.com/blogs/aws/aws-privatelink-for-amazon-s3-now-available/]]|
|2021.02.02|//Amazon AWS//|[[Amazon Macie announces a slew of new capabilities including support for cross-account sensitive data discovery, scanning by Amazon S3 object prefix, improved pre-scan cost estimation, and added location detail in findings|https://aws.amazon.com/about-aws/whats-new/2021/02/amazon-macie-announces-new-capabilities/]]|
|>|>|''Azure (Microsoft)'' |
|2021.02.03|Sami Lamppu|[[Community Project: Azure AD Attack and Defense Playbook – Part 2|https://samilamppu.com/2021/02/05/community-project-azure-ad-attack-and-defense-playbook-part-2/]] (2/2)|
|2021.02.04|Thomas Stringer|[[Renew Azure Key Vault Certificates from Let's Encrypt|https://trstringer.com/renew-key-vault-certificate/]]|
|2021.02.04|//Microsoft Azure//|[[Azure DDoS Protection—2020 year in review|https://azure.microsoft.com/en-gb/blog/azure-ddos-protection-2020-year-in-review/]]|
|2021.02.03|//Microsoft Azure//|[[Centralize your security response with Azure Sentinel & PagerDuty|https://techcommunity.microsoft.com/t5/azure-sentinel/centralize-your-security-response-with-azure-sentinel-amp/ba-p/2110228]]|
|2021.02.03|//Microsoft Azure//|[[Azure achieves its first PCI 3DS certification|https://azure.microsoft.com/en-us/updates/azure-achieves-its-first-pci-3ds-certification/]]|
|2021.02.03|//Microsoft Azure//|[[Strengthen your hybrid identity with these new Azure AD Connect releases|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/strengthen-your-hybrid-identity-with-these-new-azure-ad-connect/ba-p/1994721]]|
|2021.02.02|//Microsoft Azure//|![[Azure Sentinel All-In-One Accelerator|https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-all-in-one-accelerator/ba-p/1807933]]|
|2021.02.02|Container Journal|[[Containers on Azure: Tips and Tricks|https://containerjournal.com/topics/containers-on-azure-tips-and-tricks/]]|
|2021.02.01|//XM Cyber//|[[Office 365 – The Attacker Perspective|https://www.xmcyber.com/office-365-the-attacker-perspective/]]|
|>|>|''GCP (Google)'' |
|2021.02.04|//Goocle Cloud//|[[Centrally Managing Artifact Registry Container Image Vulnerabilities on Google Cloud: Part One|https://medium.com/google-cloud/centrally-managing-artifact-registry-container-image-vulnerabilities-on-google-cloud-part-one-d86fb4791601]] (1/2)|
|2021.02.02|//Goocle Cloud//|[[The cloud trust paradox: 3 scenarios where keeping encryption keys off the cloud may be necessary|https://cloud.google.com/blog/products/identity-security/3-scenarios-where-keeping-encryption-keys-off-the-cloud-may-be-necessary]]|
|2021.02.01|//Goocle Cloud//|[[Limiting public IPs on Google Cloud|https://cloud.google.com/blog/topics/developers-practitioners/limiting-public-ips-google-cloud]]|
|>|>|''Kubernetes'' |
|2021.02.07|//CodeBurst//|![[DNS Lookups in Kubernetes Workloads|https://codeburst.io/dns-lookups-in-kubernetes-workloads-9fcb567f4be5]] |
|2021.02.01|Container Journal|[[How to Implement Disaster Recovery for Kubernetes|https://containerjournal.com/topics/disaster-recovery-for-kubernetes/]]|
|2021.02.03|//Intezer//|[[Do You Really Need Kubernetes?|https://www.intezer.com/blog/container-security/do-you-really-need-kubernetes/]]|
|2021.02.01|//NeuVector//|[[4 questions you aren’t asking about Kubernetes security|https://blog.neuvector.com/article/4-questions-you-arent-asking-about-kubernetes-security]]|
|>|>|''Docker'' |
|2021.02.03|Madhu Akula|[[A Practical Guide to Writing Secure Dockerfiles|https://speakerdeck.com/madhuakula/a-practical-guide-to-writing-secure-dockerfiles-wearedevelopers-container-day-2021]] ([[présentation|https://files.speakerdeck.com/presentations/32b54684103e49208520072956e88563/A-practical-guide-to-writing-secure-Dockerfiles-Madhu-Akula-WeAre-Developers.pdf]])|
|>|>|''Outils / Tools'' |
|2021.02.05|Kitploit|[[Cloudlist - A Tool For Listing Assets From Multiple Cloud Providers|https://www.kitploit.com/2021/02/cloudlist-tool-for-listing-assets-from.html]]|
|2021.02.03|Kitploit|[[OpenCSPM - Open Cloud Security Posture Management Engine|https://www.kitploit.com/2021/02/opencspm-open-cloud-security-posture.html]]|
|2021.02.03|nixCraft|[[Linode cloud firewall: Do you need it to protect the Linux server?|https://www.cyberciti.biz/reviews/linode-cloud-firewall-do-you-need-it-to-protect-the-linux-server/]]|
|2021.02.03|//StackRox//|[[What is KubeLinter?|https://www.stackrox.com/post/2021/02/what-is-kubelinter/]]|
|2021.01.02|Hakin9|[[How XDR Can Address Cloud Security Challenges by Gilad David Maayan|https://hakin9.org/how-xdr-can-address-cloud-security-challenges/]]|
|2021.01.02|Toni de la Fuente|[[Run Prowler from AWS CloudShell in seconds|https://blyx.com/2021/02/02/run-prowler-from-aws-cloudshell-in-seconds/]]|
|>|>||
|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts / Weekly 'Cloud and Security' Watch, Podcasts |
|>|>|''Veilles / Newsletters'' |
|2021.02.05|//XMCO//[img[iCSF/flag_fr.png]]|[[ActuSécu #55|https://www.xmco.fr/actu-secu/XMCO-ActuSecu-55-Azure-Phishing-SaltStack.pdf]] : Comprendre l'architecture et la sécurité d'Azure Active Directory, Analyse des vulnérabilités SaltStack (CVE-2020-11651 et CVE-2020-11652|
|2021.02.07|Marco Lancini|[[The Cloud Security Reading List #73|https://cloudseclist.com/issues/issue-73/]] |
|2021.02.03|TL;DR Security|[[#69 - Cloud Security Table Top Exercises, Finding RCE in ExpressJS, InSpec for GKE|https://tldrsec.com/blog/tldr-sec-069/]]|
|>|>|''Podcasts'' |
|2021.02.07|Cloud Security Podcast|[[Cloud Security in $25 Billion dollar Company - Siemens USA|https://anchor.fm/cloudsecuritypodcast/episodes/Cloud-Security-in-25-Billion-dollar-Company---Siemens-USA-eq2c0thttps://anchor.fm/cloudsecuritypodcast/episodes/Cloud-Security-in-25-Billion-dollar-Company---Siemens-USA-eq2c0t]] ([[notes|https://anchor.fm/dashboard/episode/eavn9r/metadata/www.cloudsecuritypodcast.tv]])|
|>|>||
|>|>|!Conformité / Compliance |
|2021.02.02|//Tripwire//|[[How the CIS Foundations Benchmarks Are Key to Your Cloud Security|https://www.tripwire.com/state-of-security/security-data-protection/cloud/cis-foundations-benchmarks-key-cloud-security/]]|
|>|>||
|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|''Marché / Market'' |
|2021.02.02|//Managed Sentinel//|![[Microsoft Security Products vs. Other Cloud Security Products|https://www.managedsentinel.com/2021/02/02/microsoft-vs-other-cloud/]] ([[Iconographie|https://www.managedsentinel.com/wp-content/uploads/2021/02/microsoft_security_vs_other_cloud_security.png]])|
|>|>|''Acquisitions'' |
|2021.02.01|//Rapid7//|[[Rapid7 Acquires Leading Kubernetes Security Provider, Alcide|https://blog.rapid7.com/2021/02/01/rapid7-acquires-leading-kubernetes-security-provider-alcide/]]|
|2021.02.01|MSSP Alert| → [[Rapid7 Acquires Israeli Kubernetes Security Provider Alcide|https://www.msspalert.com/investments/rapid7-acquires-alcide/]]|
|2021.02.03|Container Journal| → [[Rapid7 Acquires Alcide in Bid to Unify Security|https://containerjournal.com/topics/container-security/rapid7-acquires-alcide-in-bid-to-unify-security/]]|
|>|>||
|>|>|!Divers / Miscellaneous |
|>|>|''APIs'' |
|2021.02.01|//Nuageo//[img[iCSF/flag_fr.png]]|![[API : Véritable moteur de la Transformation Numérique|https://www.nuageo.fr/2021/02/api-veritable-moteur-de-la-transformation-numerique/]]	|
|2021.02.05|//Imperva//API Security Checks in the Post-Pandemic World|https://www.imperva.com/blog/api-security-checks-in-the-post-pandemic-world/]]|
|2021.02.02|//CloudVector//|[[Amazon Ring APIs suffer from Excessive Data Exposure|https://www.cloudvector.com/amazon-ring-apis-suffer-from-excessive-data-exposure/]]|
|>|>|''Divers / Miscellaneous'' |
|2021.02.03|//TrendMicro//|![[Understanding Cloud Misconfigurations - With Pizza and Lego|https://www.trendmicro.com/en_us/research/21/b/understanding-cloud-misconfigurations-with-pizza-and-lego.html]]|
|2021.02.05|//Security Intelligence//|[[Remote Work Trends: How Cloud Computing Security Changed|https://securityintelligence.com/articles/2020-remote-work-trends-cloud-computing-security-changed/]]|
|2021.02.03|//HashiCorp//|[[Gating Access to Kubernetes API & Workloads with HashiCorp Boundary|https://www.hashicorp.com/blog/gating-access-to-kubernetes-with-hashicorp-boundary]]|
|2021.02.01|//Crowdstrike//|[[How to Build an Effective Cloud Threat Intelligence Program in the AWS Cloud|https://www.sans.org/reading-room/whitepapers/analyst/membership/40115]]|
<<tiddler [[arOund0C]]>>
!//Blockchains in the Quantum Era//
<<<
[>img(200px,auto)[iCSA/L25PB.png]]//Digital Ledger Technologies (DLT) such as blockchain are being deployed as part of diverse applications that span multiple market segments. Application developers have successfully leveraged the blockchain characteristics of decentralization, immutability, cryptographic security and transparency to create the solution benefits of redundancy, non-repudiation and enhanced auditing/compliance. Blockchain infrastructures make very extensive use of digital signature algorithms, hashing algorithms and public-key cryptography. The rapid pace of progress that is being experienced with quantum computing technology has made the prospect of quantum computer cyber-attacks a very real possibility.

Initiatives are therefore underway to augment today’s DLT/blockchain infrastructures with cryptographic algorithms that are highly resistant to quantum computer attack. These post-quantum algorithms are based on computational problems that are known to be very difficult for quantum computers to solve by using either Shor’s algorithm or Grover’s algorithm. This paper provides an introduction to DLT/blockchain technology, some of its representative applications, and an overview of the leading post-quantum algorithm candidates that are actively being pursued.//
<<<
!!!Liens
* Annonce et téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/blockchains-in-the-quantum-era/
** Téléchargement direct ⇒ https://cloudsecurityalliance.org/download/artifacts/blockchains-in-the-quantum-era/
* Article de Blog ⇒ https://cloudsecurityalliance.org/blog/2021/02/09/can-blockchains-survive-the-quantum-computer/
<<tiddler [[arOund0C]]>>
!//CCM v4 FAQ - Transition Timeline//
<<<
[>img(150px,auto)[iCSA/L1LBT.png]]//On January 21st CSA released +++^*[version 4 of the Cloud Controls Matrix (CCM)] https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4/ ===. The new version ensures coverage of requirements deriving from new cloud technologies, new controls and enhanced interoperability and compatibility with other standards.
In this blog we will discuss the transition timeline for when organizations using the CCM in other CSA programs will need to start using version 4. We will also share the release timeline for the other CCM v4 components and answer questions around how the new version will affect:
* Mappings with standards
* Security Trust and Assurance Registry (STAR)
* Consensus Assessment Initiative Questionnaire (CAIQ)
* Certificate of Cloud Security Knowledge (CCSK)
!!CCM v4 Components Release Timeline [>img(600px,auto)[iCSA/L24B1.jpg]]
Q: When will the CCM v4 mappings to other leading standards be available for usage?
A: The first set of mappings with +++^*{CCM v3.0.1] https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v3-0-1/ ===, ISO27001/17/18 and AICPA TSP will be released in February 2021.
Other mappings will be released later within the timeframe from September to December. CSA will be working to create additional mapping to relevant standards, best practices, laws and regulations (e.g., NIST 800-53 Rev 5, ENISA Security Controls for Cloud Services, CIS Controls, PCI-DSS).

Q: When will the other columns indicating the relevance of each control for the architectural type and cloud service delivery model be released?
[img(750px,auto)[iCSA/L24B2.jpg]]
A: The control applicability matrix columns which help define the attribution of responsibilities between cloud service providers and customers will be released in early Q2 2021.
The organizational relevance columns, which help define the organizational relevance of each control based on work done by the CSA Enterprise Architecture working group is expected to be released in early Q2 2021.

Q: When will CAIQ v4 be released?
A: The fourth version of Consensus Assessment Initiative Questionnaire (CAIQ) will be released April 2021. This questionnaire accompanies the CCM and provides questions that vendors can answer to ascertain if they comply with the CCM.

Q: When will the implementation and auditing guidelines be released?
A: The CCM v4 Implementation guidelines will be released in April. The implementation guidelines are a new addition to the CCM, their goal is to explain how to use the CCM and to support the users in better understanding and implementing the CCM controls. The implementation of CCM controls in a specific technological environment (e.g. AWS, Azure, GCP, etc) are beyond the scope of the Implementation Guidelines and for that purpose we encourage the users to collaborate with their peers in the dedicated CCM User Group in Circle.
In June/July the Auditing Guidelines will be released. Similarly to the Implementation Guidelines, the Auditing Guidelines are a new additional component to the CCM. They will explain how to approach the auditing and assessment of CCM controls and provide support to the auditors and auditees alike on how to evaluate the correct adoption of CCM controls.

Q: When will CCM Lite be released?
A: In Fall (September-December) the CCM Lite will be released. The CCM Lite is a lightweight version of CCM which contains the foundational controls that any CSP regardless of their delivery model approach, size, complexity of the operations should implement, no matter what.
!!STAR Program Transition Timeline [>img(600px,auto)[iCSA/L24B3.jpg]]
* May 2021: CSA will start accepting both V4 and V3.0.1 for all STAR Levels.
* October 2021: STAR Level 2 will only accept V4 for all new submissions
* May 2022: STAR Level 1 will start accepting only V4 for all submissions.
* June 2023: STAR Level 2 will require all submissions to be V4.

Q: When will it be possible to use version 4 of the CAIQ and CCM for STAR Submissions? When will v3.0.1 no longer be accepted?
A: Until January 2022 we'll accept both V3.0.1 and V4. After January 2022, all the new submissions (i.e. those services that are joining the STAR Registry for the first time) shall be done using V4. The companies/services that were in the registry prior to January 2022, have a two year transition period (until January 2023) to switch to the new version.

Q: Will CCM v4 be used now for the STAR attestation or Certifications? Or is CCM v3.0.1 still accepted?
A: See the previous answer, while both versions are currently accepted, we strongly encourage organizations to adopt V4 as soon as possible.

Q: Will CCM v4 impact the CCSK?
A: For the time being the +++^*[CCSK curriculum] https://cloudsecurityalliance.org/education/ccsk/ === and exam will remain as is, and +++^*[CCM v4] https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4/ === won't affect it in any way. This means when taking the exam, if you have a question related to the CCM (for example: the number of domains), it will still refer to CCM v3.0.1.//
<<<
!!Liens
* Blog ⇒ https://cloudsecurityalliance.org/blog/2021/02/04/ccm-v4-faq-transition-timeline/
* Téléchargement ''CCM v4'' (format XLSX) ⇒ https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4/
!//The Evolution of Cloud Computing and the Updated Shared Responsibility//
Article publié le 4 février 2021 — Rédigé par Vishwas Manral, Founder and CEO chez +++^*[NanoSec] https://nanosec.io/ ===, CSA Silicon Valley Chapter.
<<<
//Cloud computing has changed over the last 10 years. This blog captures the reason why the original service models are no longer sufficient as a result of the changes in the cloud landscape with the growth of Containers, Functions, Low Code and No-code.
This blog also discusses the shared responsibility models for various different paradigms and examines where we are headed in the future.
!!Background of Service Models (SaaS, PaaS, and IaaS)
The National Institute of Standards and Technology's (NIST) provided a definition of cloud computing comprising of three service models, four deployment models, and five essential characteristics in 2011 (NIST Special Publication 800-145).
The document was intended to serve as a means for providing standards and guidelines, especially when comparing cloud services and deployment strategies, and to provide a baseline on the best uses of cloud computing.
The three service models were SaaS (Software-as-a-Service), PaaS (Platform-as-a-Service), and IaaS (Infrastructure-as-a-service). This was the past and the models need to evolve to encompass the new platforms.
!!Innovation and Software Development as a Key Change Driver
Bringing new and differentiated value to the marketplace is now a competitive necessity and enterprises that are best organized to deliver on innovation quicker in a repeatable manner are the market leaders. Enterprise deployment of cloud computing has matured and changed with the urgency to bring new value and software being the change driver.
This is true for the infrastructure layer, the service layer and the application layer, where we have seen a proliferation of containers, the rise of Kubernetes (K8s), the advent of edge computing, and the broad adoption of serverless architecture, all in service of developers to enable them to bring value to the marketplace faster.
''Trying to fit the new architectures into the 2011 SaaS-PaaS-IaaS framework, is like fitting a square peg in a round hole!''
!!New Service Models
At its core, a *cloud* shared responsibility model provides clear demarcation in duties between the cloud providers (Amazon Web Services, Microsoft Azure, Google Cloud Platform, or more generically the platform providers) and cloud consumers or the application owners (enterprises and startups alike).
The diagram below shows the differences in responsibility across the various service models, that we see now.
Some key points:
* Slowly more and ''more responsibility is being taken up by the platform providers'', reliving the application owners of non-application logic centric responsibilities.
* As one move to the right there is ''a reduction in operations cost and overhead as the platform provider takes up more responsibility''.
* As we reach platforms like NoCode/ SaaS the developer responsibilities themselves are reduced. Leading to ''the rise of a new level of developers, who are not hardcore coders''.
The new service models that have evolved since, besides the IaaS, PaaS and SaaS are defined below.
[img(75%,auto)[iCSA/L24B1.png]]
!!Managed K8s as a Service (K8s-aaS)
Managed Kubernetes is the most widely used Managed Service Control Plane as a service (CPaaS) provided by most cloud providers. In this case the Kubernetes control plane is managed by the platform provider with some control plane (aka K8s Master node) configuration optionally provided by the application owner. The lifecycle of the data plane and managing it, is done by the application owner.
This works best when the application has specific needs from the data plane, cost optimal scale-out is a bigger consideration than additional operational overhead or when the application needs to be a multi-cloud portable application.
Examples are Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS) and Google Kubernetes Engine (GKE). AWS Elastic Compute Service (ECS) is an example of a non-Kubernetes managed control plane service.
!!Container-as-a-Service (CaaS)
In the case of CaaS, the application owner provides the application containers, and the platform provider manages both the control and the data plane. This means application users do not need to manage the servers (VMs), the scaling and patching of the Host OS or the bringing up and down of the servers, on top of all the functions provided by the CPaaS.
These services are also termed serverless because the application owner is relieved of a lot of the server management responsibilities. The services are best suited for cases where it’s not an event drive architecture and the application owner is less sensitive to scale out costs.
Examples of Containers-as-a-Service (CaaS) solutions are solutions like Amazon Web Services (AWS) Fargate (both ECS Fargate and EKS Fargate), Azure Container Instances (ACI), and Google CloudRun.
!!Function-as-a-Service (FaaS)
In the case of FaaS, the application owner provides business logic, along with layers in which to run the function. These functions are built, packaged and run by the service provider. The service control plane and data plane are fully taken care of by the service provider.
This service is best suited for event driven stateless applications.
Examples of this service are AWS Lambda, Azure Functions and Google Cloud Functions.
!!NoCode-as-a-Service (NCaaS)
In NCaaS the code logic is provided by application owner. The service provider generates code from the specification and configuration, then builds, packages and runs the software.
Another similar but slightly different version of this is Low-Code-as-a-Service (LCaaS).
As there is little coding involved, these platforms are best designed for even non-technical users to create applications. This will see tremendous growth in the coming years and cause a huge growth in software developers.
Examples of this service are Azure Power Apps, Google AppSheet and AWS Honeycode.
!!Serverless
Serverless platforms enable developers to develop and deploy faster, allowing an easy way to move to cloud native services without having to manage infrastructure - including container clusters or virtual machines.
Examples: In the above model CaaS/ FaaS and NCaaS platforms would be treated as Serverless.
!!Selecting a platform for your applications
The below diagram provides a summary of how an application owner can decide which cloud platform to use for their services.
[img(75%,auto)[iCSA/L24B2.png]]
!!Summary
In summary, the future landscape of applications is very diverse, highly hybrid and multi-cloud. Enterprise cloud computing platforms will include a vast variety of infrastructure, service layers and APIs including serverless and server apps, on-premises and cloud.
There isn’t going to be a “one-size fits all” model or a single rule of the thumb. In true cloud fashion, it’s an agile and elastic decision to support a scalable and secure environment that evolves as organizations change.
//[...]
<<<
!!Liens
* Blog ⇒ https://cloudsecurityalliance.org/blog/2021/02/04/the-evolution-of-cloud-computing-and-the-updated-shared-responsibility/
!//Sécurité du Cloud : Panorama des référentiels//
[>img(150px,auto)[iCSF/CLUSIF.png]]Le 16 juillet 2020, le CLUSIF a publié pour ses membres u ncomparatif des référentiels de sécurité du cloud.
Initialement réservé à ses membres, il vient d'être publié ce début Février 2021. La présentation qui en est faite sur le site du CLUSIF est la suiante :
!Extrait
<<<
//Le groupe de travail "Cloud & Sécurité" du CLUSIF, composé d’un panel hétérogène de professionnels de la sécurité des systèmes d’information a été créé dans le but d’approfondir le sujet de la sécurité dans le cloud, et plus spécifiquement dans un contexte de projet cloud. Dans le cadre de sa réflexion pour le choix du livrable final, le groupe de travail a entrepris en amont de recenser et de passer en revue les documents existants en langue française ou anglaise, publiés avant juin 2019, et pouvant être potentiellement utiles pour traiter le sujet de la sécurité dans le cadre d’un projet cloud.
L’objectif était à la fois de permettre à tous ceux intéressés par ce sujet de disposer d’un état des lieux précis de l’existant, mais également d’identifier de potentielles zones peu ou non encore couvertes qui pourraient faire l’objet d’un second livrable. Signalons que la quasi-totalité des documents identifiés comme pertinents par le groupe de travail a été publiée par des organismes étatiques ou par de grandes organisations.
Chaque lecteur avait pour mission, d’une part, de remplir une fiche de lecture dont le but était de permettre aux personnes intéressées par un document d’avoir un aperçu de ce qu’ils pouvaient en attendre et, d’autre part, d’attribuer une note de pertinence par rapport à l’objet du groupe de travail, en lien avec les domaines couverts par le document, parmi une liste préétablie : gouvernance, relations avec les tiers, management du risque, etc. Afin de donner un avis aussi objectif que possible, les documents jugés pertinents par le premier lecteur ont, dans la mesure du possible, été lus par un second lecteur qui, à son tour, a rédigé une fiche de lecture.
Les notes de pertinence ont été attribuées en utilisant la matrice suivante :
|[img[iCSF/Star_5.gif]]|Document incontournable|
|[img[iCSF/Star_4.gif]]|Document qui aborde des sujets/thèmes non expliqués dans les autres documents|
|[img[iCSF/Star_3.gif]]|Document de référence, utile et qui contient un ensemble de bonnes pratiques|
|[img[iCSF/Star_2.gif]]|Document dont le contenu est mieux traité dans d’autres documents existants|
|[img[iCSF/Star_1.gif]]|Document trop spécifique à une certaine population|
Deux documents sont sortis du lot et ont obtenu le statut d’incontournable avec une note de « 5 étoiles » :
* CSA Security Guidance for Critical Areas of Focus in Cloud Computing Sunflower v4.0 édité par la Cloud Security Alliance : référentiel très complet balayant tous les aspects du cloud à la fois sur le plan fonctionnel et technique ;
* ISO 27005 : 2018 – Gestion des risques liés à la sécurité de l’information, édité par l’ISO IEC et traitant de la gestion des risques, qui, bien que non spécifique au cloud constitue un point crucial dans ce contexte.
//[...]
<<<
!Tableau de synthèse des fiches de lecture
| [img(150px,auto)[iCSF/CLUSIF.png]]
''Sécurité du Cloud :
Panorama des référentiels'' |writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Pages|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Langue|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Publié par|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Note / Pertinence|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Gouvernance|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Architecture et conception|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Expertises en cybersécurité|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Modélisation et cartographie|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Intégration et déploiement|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Relation avec les tiers /
externalisation des services|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Management du risque
et classification|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Maintien en condition de
cybersécurité|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Etude de cas
| |Security Guidance for Critical Areas of
Focus in Cloud Sunflower (v4)| 153|EN|Cloud Security
Alliance|[img[iCSF/Star_5.gif]]|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |ISO 27005:2018 Technologies de l'information
Techniques de sécurité
Gestion des risques liés à la sécurité de
l'information| 57|FR|ISO IEC|[img[iCSF/Star_5.gif]]|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |Matrix CAIQ - Consensus Assessments
Initiative Questionnaire v3.1||EN|Cloud Security
Alliance|[img[iCSF/Star_4.gif]]|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |Prestataires de services d’informatique en
nuage (SecNumCloud)
Référentiel d'exigences| 49|FR|ANSSI|[img[iCSF/Star_4.gif]]|bgcolor:#0F0; X |!|bgcolor:#0F0; X |!|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |Maîtriser les risques de l'infogérance /
Guide Externalisation| 56|FR|ANSSI|[img[iCSF/Star_4.gif]]|bgcolor:#0F0; X |!|bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |BITS Framework for managing technology
risk for service provider relationships| 130|EN|BITS|[img[iCSF/Star_4.gif]]|bgcolor:#0F0; X |!|!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!|bgcolor:#0F0; X | |ISO 27001:2013 Technologies de l'information
Techniques de sécurité
Systèmes de management de la sécurité de
l'information -- Exigences| 23|FR|ISO IEC|[img[iCSF/Star_4.gif]]|bgcolor:#0F0; X |!|!|!|!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |!| |ISO 27002:2013 Technologies de l'information
Techniques de sécurité
Code de bonne pratique pour le management de
la sécurité de l'information| 104|FR|ISO IEC|[img[iCSF/Star_4.gif]]|bgcolor:#0F0; X |!|!|!|!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |!| |Criteria Catalogue for Cloud Services - Trusted Cloud| 79|EN|BMWi|[img[iCSF/Star_4.gif]]|bgcolor:#0F0; X |!|bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |Recommandations pour les entreprises qui envisagent
de souscrire à des services de Cloud computing| 21|FR|CNIL|[img[iCSF/Star_3.gif]]|bgcolor:#0F0; X |bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |!|bgcolor:#0F0; X |bgcolor:#0F0; X |!| |Cloud Computing Security Risk Assessment| 125|EN|ENISA|[img[iCSF/Star_3.gif]]|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |Cloud Computing Security Risk Assessment Update| 50|EN|ENISA|[img[iCSF/Star_3.gif]]|bgcolor:#0F0; X |bgcolor:#0F0; X |!|!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |Recommandations relatives à l'administration
sécurisée des systèmes d'information| 68|FR|ANSSI|[img[iCSF/Star_3.gif]]|!|bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |bgcolor:#0F0; X | |ISO 27017:2015 Technologies de l'information
Techniques de sécurité
Code de pratique pour les contrôles de sécurité de
l'information fondés sur l'ISO 27002 pour les
services du nuage| 39|EN|ISO IEC|[img[iCSF/Star_3.gif]]|!|!|bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |!|bgcolor:#0F0; X |!| |ISO 27018:2019 Technologies de l'information
Techniques de sécurité
Code de bonnes pratiques pour la protection des
informations personnelles identifiables (PII)
dans l'informatique en nuage public agissant
comme processeur de PII| 23|EN|ISO IEC| [img[iCSF/Star_3.gif]]|!|!|!|!|!|bgcolor:#0F0; X |!|!|!| |ISO 27701:2019 Technologies de l'information
Techniques de sécurité
Extension d'ISO/IEC 27001 et ISO/IEC 27002 au
management de la protection de la vie privée
Exigences et lignes directrices| 66|EN|ISO IEC|[img[iCSF/Star_3.gif]]|bgcolor:#0F0; X |!|bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |!|bgcolor:#0F0; X |!| |PCI-DSS - Payment Card Industry Data Security
Standard v3.2.1| 139|EN|PCI SSC|[img[iCSF/Star_3.gif]]|bgcolor:#0F0; X |!|bgcolor:#0F0; X |!|!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |!| |HDS - Hébergeur de Données de Santé| 20|FR|ASIP Santé|[img[iCSF/Star_3.gif]]|!|!|bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |!|bgcolor:#0F0; X |!| |NIST SP 800-144 - Guidelines on Security and
Privacy in Public Cloud Computing| 70|EN|NIST|[img[iCSF/Star_3.gif]]|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |!|!| |BSI - C5 Compliance Control Catalogue| 70|EN|BSI|[img[iCSF/Star_3.gif]]|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |CCAG-TIC : Cahier des clauses administratives
générales applicables aux Techniques de
l’Information et de la Communication| 39|FR|Marche-public.fr|[img[iCSF/Star_2.gif]]|!|!|!|!|!|!|!|!|!| |Trusted Cloud Data Protection Profile for Cloud
Services| 44|EN|BMWi|[img[iCSF/Star_2.gif]]|bgcolor:#0F0; X |!|bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |Cloud Security Report 2018| 37|EN|Cybersecurity Insiders|[img[iCSF/Star_1.gif]]|!|!|!|!|!|!|!|!|!| ||   |   |   |   |   |   |   |   |   | __Liens :__ * Annonce → https://clusif.fr/publications/securite-du-cloud-panorama-des-referentiels/ * Document → https://clusif.fr/wp-content/uploads/2021/02/20200701-Cloud-et-securite-Panorama-des-referentiels.pdf
!"//A case study – CCM and STAR – Integrating with third-party assessments and regulations to avoid duplication of effort and cost//"
[>img(150px,auto)[iCSA/CSAsecUpd.jpg]]Podcast de la série "[[CSA Security Update]]" publié le 1er février 2021 — Invité : Chris Dixon; Governance, Risk & Compliance Manager at TokenEx//
<<<
The CCM is used as the standard to assess the security posture of organizations on the Security, Trust, Assurance, and Risk (STAR) registry. The STAR program promotes flexible, incremental, and multi-layered certifications that integrate with popular third-party assessments to avoid duplication of effort and cost. Security providers can fill out the extended question set that aligns with the CCM and send it to potential and current clients to demonstrate compliance to industry standards, frameworks, and regulations. It is recommended that providers submit the completed CAIQ to the STAR Registry so it is publicly available to all clients.
Join us as we interview Chris Dixon; Governance, Risk & Compliance Manager at TokenEx  and listen as he takes us on their journey utilizing the CCM and STAR including 
* What problems does it solve or how did it help mitigate risk?
* How has using the CCM helped Tokenex reach some of its security targets?
* What are the major benefits?
<<<
//__Liens :__
* Annonce → https://www.buzzsprout.com/303731/7610968-a-case-study-ccm-and-star-integrating-with-third-party-assessments-and-regulations-to-avoid-duplication-of-effort-and-cost
* Podcast → https://www.buzzsprout.com/303731/7610968-a-case-study-ccm-and-star-integrating-with-third-party-assessments-and-regulations-to-avoid-duplication-of-effort-and-cost.mp3
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202101>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202101>>
<<tiddler fAll2Tabs10 with: VeilleM","_202101>>
|!Date|!Sources|!Titres et Liens|!Keywords|
|2021.01.08|CISA|[[Alert (AA21-008A) Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments |https://us-cert.cisa.gov/ncas/alerts/aa21-008a]]|Alert|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - janvier 2021]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202101>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - janvier 2021]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - janvier 2021]]>><<tiddler fAll2LiTabs13end with: 'Actu","202101'>>
<<tiddler fAll2LiTabs13end with: 'Blog","202101'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - janvier 2021]]>>
<<tiddler fAll2LiTabs13end with: 'Publ","202101'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - janvier 2021]]>>
!//CCSK Success Stories: from a Cybersecurity Engineer//
[>img(150px,auto)[iCSA/K4QCCSK.png]]^^Article publié le 31 janvier 2021 sur le blog de la CSA
__Lien :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/31/ccsk-success-stories-from-a-cybersecurity-engineer/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Cloud Workload Security: Part 4 - Explaining the Security Features of GCP//
[>img(150px,auto)[iCSA/L1SBC.jpg]]^^Article publié le 28 janvier 2021 sur le blog de la CSA, et le 20 janvier sur celui de la société Intezer.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/28/cloud-workload-security-part-4-explaining-the-security-features-of-gcp/
* Blog Intezer → https://www.intezer.com/blog/cloud-security/cloud-workload-security-part-4-explaining-the-security-features-of-gcp/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Help CSA Develop a New SDP Training - Join the SDP Expert Group//
[>img(150px,auto)[iCSA/L1PBG.jpg]]^^Article publié le 25 janvier 2021 sur le blog de la CSA, et le 20 janvier sur celui de la société Ericom.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/25/google-report-highlights-malware-targeting-browser-vulnerabilities/
* Blog Ericom → https://blog.ericom.com/google-security-researchers-highlight-malware-targeting-browser-vulnerabilities/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Help CSA Develop a New SDP Training - Join the SDP Expert Group//
[>img(150px,auto)[iCSA/L1OBH.png]]^^Article publié le 24 janvier 2021 sur le blog de la CSA.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/24/help-csa-develop-a-new-sdp-training-join-the-sdp-expert-group/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//NACHA Updates: Supplementing Data Security Requirements//
[>img(150px,auto)[iCSA/L1JBN.jpg]]^^Article publié le 19 janvier 2021 sur le blog de la CSA
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/19/nacha-updates-supplementing-data-security-requirements/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//CCSK Success Stories: CSA Japan Chapter Executive Director//
[>img(150px,auto)[iCSA/K4QCCSK.png]]^^Article publié le 13 janvier 2021 sur le blog de la CSA
__Lien :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/13/ccsk-success-stories-csa-japan-chapter-executive-director/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//SolarWinds, GitHub Leaks and Securing the Software Supply Chain//
[>img(150px,auto)[iCSA/L1BBS.jpg]]^^Article publié le 11 janvier 2021 sur le blog de la CSA, et sur le site de Blubracket le 17 décembre 2020
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/11/solarwinds-github-leaks-and-securing-the-software-supply-chain/
* Site Blubracket ⇒ https://blubracket.com/solarwinds-github-leaks-and-securing-the-software-supply-chain/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Lessons Learned from GoDaddy's Email Phishing Simulation Debacle//
[>img(150px,auto)[iCSA/L18BL.jpg]]^^Article publié le 8 janvier 2021 sur le blog de la CSA, rédigé par Omer Taran, //Co-founder & CTO, CybeReady//
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/08/lessons-learned-from-godaddy-s-email-phishing-simulation-debacle/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Cloud Workload Security: Part 3 - Explaining Azure's Security Features//
[>img(150px,auto)[iCSA/L17BC.jpg]]^^Article publié le 7 janvier 2021 sur le blog de la CSA, et sur le site d'Intezer le 11 décembre 2020
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/07/cloud-workload-security-part-3-explaining-azure-s-security-features/
* Site Intezer ⇒ https://www.intezer.com/blog/cloud-workload-security-part-3-explaining-azures-security-features/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Tokenization vs. Encryption: Which is Better for Your Business?//
[>img(150px,auto)[iCSA/L16BT.jpg]][>img(150px,auto)[iCSA/L16B2.jpg]]^^Article publié le 6 janvier 2021 sur le blog de la CSA, et sur le site de TokenEx le 2 mars 2020...
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/06/tokenization-vs-encryption-which-is-better-for-your-business/
* Site TokenEx ⇒ https://www.tokenex.com/blog/tokenization-vs-encryption-which-one-is-best-for-your-business
^^[img(25%,1px)[iCSF/BluePixel.gif]]
f
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #101|2021.01.31 - Newsletter Hebdomadaire #101]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #101|2021.01.31 - Weekly Newsletter - #101]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2021.01.31 - Newsletter Hebdomadaire #101]]>> |<<tiddler [[2021.01.31 - Weekly Newsletter - #101]]>> |
|>|<<tiddler [[2021.01.31 - Veille Hebdomadaire - 31 janvier]]>>|
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 25 au 31 janvier 2021
!!1 - Informations CSA - 25 au 31 janvier 2021

* Actu[img[iCSF/flag_fr.png]]: ''[[Point de situation sur l'incident Solarwinds/SolarStorm|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Formation[img[iCSF/flag_fr.png]]: prochaine session CCSK en français en mars 2021+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
* Publications CSA : 'IoT Security Controls Framework v2'+++^*[»] <<tiddler [[2021.01.28 - Publications CSA 'IoT Security Controls Framework v2']]>>=== et 'Earning Trust in the 21st Century'+++^*[»] <<tiddler [[2021.01.26 - Publication CSA 'Earning Trust in the 21st Century']]>>=== 
* Blog 'Resources to Help Address Cybersecurity Challenges in Healthcare'+++^*[»] <<tiddler [[2021.01.29 - Blog : 'Resources to Help Address Cybersecurity Challenges in Healthcare']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 40 liens|2021.01.31 - Veille Hebdomadaire - 31 janvier]])

* __À lire__
** Guide sur les journaux d'accès à l'AWS API Gateway (Alex DeBrie)

* __Attaques__
** Utilisation des services pour le cyber-espionage • Attaques de la chaine d'approvisionnement après abus de services Azure (//SecureWorks//)

* __Vulnérabilités__
** Abus du SSO d'Azure AD avec le Primary Refresh Token (Dirk-jan Mollema)• Comment sortir de Docker dans Azure Functions (//Intezer//)

* __Bonnes pratiques__
** Partage de données sensibles avec les services Cloud (SANS)

* __Rapports__
** 'State of Public Cloud Security' (//Orca//)

* __Cloud Services Providers__
** Azure : 'What is Sign-In Risk-Based Conditional Access in Azure Active Directory?' (Matt Soseman) • 'Azure Key Vault Certificates with Let's Encrypt as the Issuer CA' (Thomas Stringer)
** GCP : Nouvelles règles de réponses DNS pour des APIs Google plus accessibles
** Docker : Bien configurer les ports des APIs Docker (//Intezer//)
** Containers : Cycle de vie d'un container sur Cloud Run (Wietse Venema)

* __Veilles hebdomadaires 'Cloud et Sécurité'__
** TL;DR Security #72 • The Cloud Security Reading List #68

* __Divers__
** Exercises: Cloud Security Table Top Exercises (Matt Fuller)
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L1V/|https://CloudSecurityAlliance.fr/go/L1V/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - January 25th to 31th, 2021
!!1 - CSA News and Updates - January 25th to 31th, 2021

* News[img[iCSF/flag_fr.png]]: ''[[Status of the SolarWinds/SolarStorm incident|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Publications CSA : 'IoT Security Controls Framework v2'+++^*[»] <<tiddler [[2021.01.28 - Publications CSA 'IoT Security Controls Framework v2']]>>=== et 'Earning Trust in the 21st Century'+++^*[»] <<tiddler [[2021.01.26 - Publication CSA 'Earning Trust in the 21st Century']]>>=== 
* Blog 'Resources to Help Address Cybersecurity Challenges in Healthcare'+++^*[»] <<tiddler [[2021.01.29 - Blog : 'Resources to Help Address Cybersecurity Challenges in Healthcare']]>>=== 
!!2 - Cloud and Security News Watch ([[over 40 links|2021.01.31 - Veille Hebdomadaire - 31 janvier]])

* __Must Read__
** The Missing Guide to AWS API Gateway Access Logs (Alex DeBrie)

* __Attacks__
** How Cloud Services Are Exploited for Cyber-Espionage • Abusing Azure Application Credentials to Attack Supply Chains (//SecureWorks//)

* __Vulnerabilities__
** Abusing Azure AD SSO with the Primary Refresh Token (Dirk-jan Mollema)• How We Escaped Docker in Azure Functions (//Intezer//)

* __Best Practices__
** Sensitive Data Shared with Cloud Services (SANS)

* __Reports__
** State of Public Cloud Security (//Orca//)

* __Cloud Services Providers__
** Azure: 'What is Sign-In Risk-Based Conditional Access in Azure Active Directory?' (Matt Soseman) • 'Azure Key Vault Certificates with Let's Encrypt as the Issuer CA' (Thomas Stringer)
** GCP: New Cloud DNS response policies simplify access to Google APIs
** Docker: Fix your Misconfigured Docker API Ports (//Intezer//)
** Containers: Lifecycle of a container on Cloud Run (Wietse Venema)

* __Weekly 'Cloud and Security' Watch, Podcasts__
** Newsletters: TL;DR Security #72 • The Cloud Security Reading List #68

* __Miscellaneous__
** Exercises: Cloud Security Table Top Exercises (Matt Fuller)
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L1V/|https://CloudSecurityAlliance.fr/go/L1V/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 25 au 31 janvier 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|2021.01.28|Alex DeBrie|[[The Missing Guide to AWS API Gateway Access Logs|https://www.alexdebrie.com/posts/api-gateway-access-logs/]]|
|>|>|>||
|>|>|>|!Alertes / Alerts |
|2021.01.27|//AWS//|[[Sudo Security Issue (CVE-2021-3156)|https://aws.amazon.com/security/security-bulletins/AWS-2021-001/]]|Alert Sudo|
|>|>|>|''Attaques / Attacks'' |
|2021.01.27|InfoSecurity Mag|[[How Cloud Services Are Exploited for Cyber-Espionage|https://www.infosecurity-magazine.com/blogs/cloud-services-expolited-cyber/]]|
|2021.01.27|//Lacework//|[[Groundhog Botnet Rapidly Infecting Cloud|https://www.lacework.com/groundhog-botnet-rapidly-infecting-cloud/]]|Botnet IOC|
|2021.01.27|//AT&T//|[[TeamTNT delivers malware with new detection evasion tool|https://cybersecurity.att.com/blogs/labs-research/teamtnt-delivers-malware-with-new-detection-evasion-tool]]|TeamTNT Malware|
|2021.01.26|//SecureWorks//|[[Abusing Azure Application Credentials to Attack Supply Chains|https://www.secureworks.com/research/abusing-azure-application-credentials-to-attack-supply-chains]]|Azure Abuse|
|2021.01.25|//TrendMicro//|[[Fake Office 365 Used for Phishing Attacks on C-Suite Targets|https://www.trendmicro.com/en_us/research/21/a/fake-office-365-used-for-phishing-attacks-on-c-suite-targets.html]]|O365 Phishing|
|2021.01.25|//Proofpoint//|[[BEC Target Selection Using Google Forms|https://www.proofpoint.com/us/blog/threat-insight/bec-target-selection-using-google-forms]]|Google_Forms|
|>|>|>||
|>|>|>|!Vulnérabilités / Vulnerabilities |
|2021.01.27|Nick Frichette|[[Intercept SSM Agent Communications|https://frichetten.com/blog/ssm-agent-tomfoolery/]], [[PoC|https://github.com/Frichetten/ssm-agent-research]]|AWS SSM_Agent EC2 PoC|
|2021.01.27|//Intezer//|[[How We Escaped Docker in Azure Functions|https://www.intezer.com/blog/research/how-we-escaped-docker-in-azure-functions/]], PoC ([[vidéo|https://www.youtube.com/watch?v=YXIf3Xl1eZ8]])|Docker Azure|
|2021.02.01|Silicon Angle| → [[Vulnerability in Azure Functions allows an attacker to escape to the Docker host|https://siliconangle.com/2021/01/31/vulnerability-azure-functions-allows-attacker-escape-docker-host/]]|
|2021.01.28|Dirk-jan Mollema|[[Abusing Azure AD SSO with the Primary Refresh Token|https://dirkjanm.io/abusing-azure-ad-sso-with-the-primary-refresh-token/]]|AzureAD SSO Abuse|
|>|>|>||
|>|>|>|!Bonnes Pratiques / Best Practices |
|2021.01.29|SANS|[[Sensitive Data Shared with Cloud Services|https://isc.sans.edu/forums/diary/Sensitive+Data+Shared+with+Cloud+Services/27042/]]|Data_Sharing|
|2021.01.28|//Tenable//|[[Cloud Security: Improve Cyber Hygiene with Resource Tagging|https://www.tenable.com/blog/cloud-security-improve-cyber-hygiene-with-resource-tagging]]|Misc|
|>|>|>||
|>|>|>|!Rapports / Reports |
|2021.01.29|//Rapid7//|[[NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS|https://blog.rapid7.com/2021/01/29/nicer-protocol-deep-dive-internet-exposure-of-http-and-https/]]|Report|
|2021.01.11|//Orca//|[[State of Public Cloud Security|https://orca.security/sp-2020-state-of-public-cloud-security-report/]] '[[pdf|https://orca.security/wp-content/uploads/Orca-Security-2020-State-of-Public-Cloud-Security-Report.pdf]])|Report|
|2021.01.28|Graham Cluley| → [[How do most cloud security breaches happen? Orca’s "State of Public Cloud Security" report reveals all|https://grahamcluley.com/feed-sponsor-orca-security-3/]]|Report|
|2021.01.27|//pepperData//|[[New Survey Reveals One Third of Businesses Are Exceeding Their Cloud Budgets By As Much As 40 Percent|https://www.pepperdata.com/pepperdata-new-survey-cloud-budgets]]|Survey|
|>|>|>||
|>|>|>|!Cloud Services Providers, Outils / CSPs, Tools |
|>|>|>|''AWS (Amazon)'' |
|2021.01.28|//Caylent//|[[AWS Serverless Kubernetes Infrastructure with Amazon EKS on AWS Fargate|https://caylent.com/aws-serverless-kubernetes-infrastructure-with-amazon-eks-on-aws-fargate]]|AWS_EKS|
|>|>|>|''Azure (Microsoft)'' |
|2021.01.29|Matt Soseman|[[What is Sign-In Risk-Based Conditional Access in Azure Active Directory?|https://mattsoseman.wordpress.com/2021/01/29/what-is-sign-in-risk-based-conditional-access-in-azure-active-directory/]] ([[vidéo|https://www.youtube.com/watch?v=2ul5J8nA21M]])|AzureAD|
|2021.01.28|Thomas Stringer|[[Azure Key Vault Certificates with Let's Encrypt as the Issuer CA|https://trstringer.com/azure-key-vault-lets-encrypt/]]|AWS Lets_Encrypt|
|2021.01.27|Dirk-jan Mollema|![[Fantastic Conditional Access Policies|https://www.youtube.com/watch?v=yOJ6yB9anZM]] (YouTube) |
|2021.01.25|//Microsoft Azure//|[[Build regionally resilient cloud services using the Azure Resource Manager|https://azure.microsoft.com/en-us/blog/build-regionally-resilient-cloud-services-using-the-azure-resource-manager/]]|Resilience|
|2021.01.25|Dark Reading|[[How to Better Secure Your Microsoft 365 Environment|https://www.darkreading.com/endpoint/how-to-better-secure-your-microsoft-365-environment/d/d-id/1339964]]|M365|
|>|>|>|''GCP (Google)'' |
|2021.01.27|//Google Cloud//|[[New Cloud DNS response policies simplify access to Google APIs|https://cloud.google.com/blog/products/networking/introducing-cloud-dns-response-policies]]|GCP DNS|
|2021.01.25|//Google Cloud//|[[Assess the security of Google Kubernetes Engine (GKE) with InSpec for GCP|https://opensource.googleblog.com/2021/01/assess-security-of-google-kubernetes-engine-with-inspec-for-gcp.html]]|GKE|
|>|>|>|''Oracle'' |
|2021.01.26|//Oracle Cloud//|[[Announcing Asymmetric Keys support in Oracle Cloud Infrastructure Vault|https://blogs.oracle.com/cloudsecurity/announcing-asymmetric-keys-support-in-oracle-cloud-infrastructure-vault]]|Keys|
|>|>|>|''Kubernetes'' |
|2021.01.28|Computer Weekly|[[Five key questions about Kubernetes backup answered|https://www.computerweekly.com/feature/Five-key-questions-about-Kubernetes-backup-answered]]|K8s Backup|
|>|>|>|''Docker'' |
|2021.01.28|//Intezer//|[[Fix your Misconfigured Docker API Ports|https://www.intezer.com/blog/container-security/fix-your-misconfigured-docker-api-ports/]]|Docker|
|2021.01.28|//Intezer//| → [[Fixing a Common Yeat Deadly Mistake: Misconfigured Docker API Ports|https://www.intezer.com/resource/fixing-a-common-yet-deadly-mistake-misconfigured-docker-api-ports/]]|Docker|
|2021.01.28|//Intezer//| → [[The Danger of Having an Exposed Docker API Port|https://www.youtube.com/watch?v=6wGDS17YQo0]] (vidéo)|Docker|
|>|>|>|''Containers'' |
|2021.01.26|Wietse Venema|![[Lifecycle of a container on Cloud Run|https://cloud.google.com/blog/topics/developers-practitioners/lifecycle-container-cloud-run]]|Cloud_Run|
|>|>|>|''Outils / Tools'' |
|2021.01.29|//K9 Security//|[[The AWS IAM Simulator|https://k9security.io/docs/test-s3-bucket-policy-using-iam-simulator/]]|Tools AWS IAM|
|>|>|>||
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité' / Weekly 'Cloud and Security' Watch |
|2021.01.31|Marco Lancini|[[The Cloud Security Reading List #72|https://cloudseclist.com/issues/issue-72/]] |Weekly_Newsletter|
|2021.01.27|TL;DR Security|[[#68 - Securing Lambda, Recon Tool Primer, Blind SSRF Chains|https://tldrsec.com/blog/tldr-sec-068/]] |Weekly_Newsletter|
|>|>|>||
|>|>|>|!Podcasts |
|2021.01.31|Cloud Security Podcast|[[Security Chaos Engineering Experiments for Beginners|https://anchor.fm/cloudsecuritypodcast/episodes/Security-Chaos-Engineering-Experiments-for-Beginners-epndlc]]|Podcast|
|>|>|>||
|>|>|>|!Conformité / Compliance |
|2021.01.27|Help Net Security|[[Streamlining Cloud Compliance Through Automation|https://www.helpnetsecurity.com/2021/01/27/cloud-compliance-automation/]]|Compliance|
|>|>|>||
|>|>|>|!Marché / Market |
|2021.01.29|L'Usine Digitale[img[iCSF/flag_fr.png]]|[[Cloud : 13 banques européennes s'allient pour établir des standards sur le stockage des données|https://www.usine-digitale.fr/article/cloud-13-banques-europeennes-s-allient-pour-etablir-des-standards-sur-le-stockage-des-donnees.N1055524]]|Cloud_Act GAIA-X|
|2021.01.26|//Cloud Passage//|[[Inside the Unified Cloud Security Enterprise Buyer’s Guide|https://www.cloudpassage.com/articles/unified-cloud-security-enterprise-buyers-guide/]]|Buyers_Guide|
|>|>|>||
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''Chiffrement / Encryption'' |
|2021.01.28|//Protonmail//|[[EU citizens’ rights are under threat from anti-encryption proposals|https://protonmail.com/blog/joint-statement-eu-encryption/]]|Encryption|
|>|>|>|''DNS'' |
|2021.01.28|//Akamai//|[[Distinguishing Among DNS Services Part 3: Investment and Innovation|https://blogs.akamai.com/2021/01/distinguishing-among-dns-services-part-3-investment-and-innovation.html]] (3/3)|!DNS|
|2021.01.28|//Varonis//|![[How Hackers Spoof DNS Requests With DNS Cache Poisoning|https://www.varonis.com/blog/dns-cache-poisoning/]] |!DNS Attacks|
|>|>|>|''Exercices / Exercises'' |
|2021.01.31|Matt Fuller|![[Cloud Security Table Top Exercises|https://levelup.gitconnected.com/cloud-security-table-top-exercises-629d353c268e?gi=bea61af6763c]] |Exercises|
|>|>|>|''Standards'' |
|2021.01.26|//Auth0//|[[What Is ISO 27018:2019? Everything Executives Need to Know|https://auth0.com/blog/what-is-iso-27018-2019-everything-executives-need-to-know/]]|ISO_27018|
|>|>|>|''Stockage / Storage'' |
|2021.01.26|//BlackBlaze//|![[Backblaze Hard Drive Stats for 2020|https://www.backblaze.com/blog/backblaze-hard-drive-stats-for-2020/]]|Storage|
|>|>|>|''Autres / Others'' |
|2021.01.29|DZone|[[4 Cloud Data Security Features to Reassure Nervous SMBs|https://dzone.com/articles/4-cloud-data-security-features-to-reassure-nervous]]|Misc|
|2021.01.28|TechTarget|[[5-step IaaS security checklist for cloud customers|https://searchcloudsecurity.techtarget.com/tip/5-step-IaaS-security-checklist-for-cloud-customers]]|IaaS|
|2021.01.25|//Checkpoint Software//|[[Maintaining Security in a Multi-Cloud Environment|https://blog.checkpoint.com/2021/01/25/maintaining-security-in-a-multi-cloud-environment/]]|Multi_Cloud|
|2021.01.22|//Lighthouse//|[[Cloud Security and Costs: How to Mitigate Risks Within the Cloud|https://blog.lighthouseglobal.com/cloud-security-and-costs]]|Misc|
<<tiddler [[arOund0C]]>>
!//Resources to Help Address Cybersecurity Challenges in Healthcare//
[>img(200px,auto)[iCSA/L1SBC.jpg]]Article publié le 29 janvier 2021 -- Rédigé par Vince Campitelli, Co-Chair du ''[[CSA Health Information Management Working Group|https://cloudsecurityalliance.org/research/working-groups/health-information-management/]]'' (HIM).//
<<<
According to a +++^*[2019 Thales Report] https://www.techrepublic.com/article/why-70-of-healthcare-orgs-have-suffered-data-breaches/ === 70% of healthcare organizations surveyed reported a data breach, with a third reporting a breach within the last year. All organizations surveyed reported collecting, storing, or sharing sensitive information with digital transformation technologies.
> "Between 2009 and 2019 there have been 3,054 healthcare data breaches involving more than 500 records. Those breaches have resulted in the loss, theft, exposure, or impermissible disclosure of 230,954,151 healthcare records. That equates to more than 69.78% of the population of the United States. In 2019, healthcare data breaches were reported at a rate of 1.4 per day."
> +++^*[HIPPA Report] https://www.hipaajournal.com/healthcare-data-breach-statistics/ ===.
2020 Update, according to an article published January 5, 2021 in __Health IT Security__, Cyberattacks against healthcare entities rose 45 percent since November, 2020. At this rate the sector is accounting for 79 percent of all reported data breaches, according to reports from Check Point and Fortified Health Security.
Check Point’s research provided a fresh analysis of the biggest threats currently facing the sector. Shortly after the federal agency alert on the imminent ransomware threat facing healthcare providers, researchers observed a 45 percent increase in attacks—more than double the amount seen in other industries.
The threats include botnets, remote code execution, and DDoS attacks, with ransomware attacks seeing the biggest increase. Check Point stressed that malware is the biggest threat facing healthcare providers.
!This new information confirms our thesis that the healthcare industry faces significant challenges, somewhat unique to other industries:
* ''Healthcare requires the collection of huge amounts of sensitive data, that pose significantly longer-term risks compared to other industries''. Moreover, the data is inherently more attractive to hackers than other types of data that can be accessed and exploited. As a result, there may be a cascade of negative impacts to successfully attacked organizations such as: significant fines/penalties or legal actions extracted by regulatory agencies such as HHS, FDA in the USA and GDPR in the European Union and the European Economic Area; in addition, there is always the loss of patient and community confidence as well as reputational damage to the organizations affected.
* ''From a risk perspective, the potential for future damages cannot be fully mitigated.'' For example, in financial services, credit cards can be canceled and bank accounts closed. In healthcare, private patient data can be re-sold, recycled and reused in an endless cycle of fraud and abuse! Even worse, the patients may never be aware of the fraud associated with their data! Without improved and more effective interventions, the outcomes are only too predictable and alarming.
* ''As more sensitive healthcare and related personal data moves to the cloud'', spurred by the growth of individual providers as well as new entrants into the market, ''the volume of targets will grow and the volume of data will grow exponentially''. The Cloud Security Alliance is committed to continuing research on all aspects of cloud computing including best practices and guidelines for effective security and compliance. The CSA Health Information Management (HIM) group is just one of the vehicles available for individuals to explore best practices for securing information in the cloud.
* ''Patients globally will continue to come to the US to seek the preeminent healthcare services only available in America''. This places a compliance burden emanating from the European Union - The General Data Protection Regulation, aka, GDPR. Such activity triggers two regulatory requirements. Under the US HIPAA requirements, the periodic risk assessments must document the existence of these cross-border data flows, and under the EU’s GDPR, the Data Protection Requirements necessary to achieve compliance. In addition, the UK exited the EU on January 1, 2021 under the Brexit accords. Hence, GDPR as it currently exists in the UK will be subject to change.
* ''Healthcare is also a study in managing supply chain risk''. Organizations should not naively assume that because they’re moving to the cloud, they don’t have to worry about security. They are always responsible for completing and documenting an enterprise risk assessment, including the risk associated with outsourcing to third-parties, especially where the nth? parties of third parties may subsequently be relied upon. In short, they are responsible for validating and vetting their Cloud Service Providers for meeting their regulatory requirements such as HIPAA and GDPR. Moreover, healthcare providers that rely upon Cloud Service Providers (CSPs) need to understand that regardless of individual CSP responsibilities, the healthcare provider is accountable for the negative outcomes resulting from the deficient or non-conforming practices, of the business associate(s) providing the service. Now, more than ever, the security axiom that a strong organization is only as “strong” as its weakest link is a mantra to be embedded in the spirit and practice of all of their due diligence practices.
* ''It has been our observation that organizations adopting cloud services come to realize that with the adoption of every new CSP, they have essentially extended their enterprise into another entity "somewhere in a cloud"''. One that they have limited control over and even less visibility into their operations, but remain fully accountable for the continuous operation, effective performance, appropriate security, privacy, and all relevant regulatory compliance requirements. While not impossible, success is not a given without insightful planning, continuous vigilance, and mastery of the technology services being delivered throughout the supply chain.
* ''Addressing the cybersecurity and cloud technology skills gap in healthcare''. One of the most prevalent challenges to the majority of healthcare organizations entering 2021 will be mastering the upskilling and new skilling requirements to meet the new requirements of digital transformation and cloud technology platforms.
If you are new to cloud computing and even newer to CSA and cloud security, we recommend starting by reviewing the table below of recommended reading materials as well as training and educational opportunities, including CSA certifications.
These documents can be an immense help in identifying the individuals in your organization who can upskill their capabilities and extend their capacity to fill in the knowledge gaps created by the multitude of cloud platforms being utilized and consumed by healthcare providers all over the world.
!Recommended Reading Materials
Below is a guide of reading materials that will help you understand the fundamentals of cloud computing and best practices in creating effective security, privacy and compliance programs.
|!Reading Materials|!Value to the Reader|
|[[CSA Security Guidance for Cloud Computing|https://cloudsecurityalliance.org/research/guidance/]]|This paper outlines how security changes in cloud computing and best practices all organizations should follow regardless of which vendor they are using|
|[[Guideline on Effectively Managing Security Service in the Cloud|https://cloudsecurityalliance.org/artifacts/guideline-on-effectively-managing-security-service-in-the-cloud/]]|This provides guidelines for cloud users to better select security qualified cloud service providers. These guidelines are based off of the controls outlined in the Cloud Controls Matrix (CCM)|
|[[Telehealth Data in the Cloud|https://cloudsecurityalliance.org/artifacts/telehealth-data-in-the-cloud/]]|Addresses the privacy and security concerns related to processing, storing, and transmitting patient data in the cloud for telehealth solutions|
|[[Healthcare Big Data in the Cloud|https://cloudsecurityalliance.org/artifacts/healthcare-big-data-in-the-cloud/]]|Examines big data and some use cases for big data in healthcare, the impact of big data on healthcare, regulatory requirements for Protected Health Information (PHI) in the cloud, and securing PHI in the cloud|
|[[Managing the Risk for Medical Devices Connected to the Cloud|https://cloudsecurityalliance.org/artifacts/managing-the-risk-for-medical-devices-connected-to-the-cloud/]]|Presents the concept of managing medical devices based on their proximity to the patient and introduces practices to secure the use of cloud computing for medical devices|
|[[OWASP Secure Medical Devices Deployment Standard|https://cloudsecurityalliance.org/artifacts/owasp-secure-medical-devices-deployment-standard/]]|This guide is intended to serve as a comprehensive guide to the secure deployment of medical devices within a healthcare facility|
If you’re interested in staying up to date on research CSA creates for the healthcare industry, and/or participating in the creation of future publications you can visit the CSA Health Information Management Working Group. This group helps the entire healthcare industry by accelerating solutions to security challenges specific to healthcare. For example, one of our members was able to solve IoT categorization challenges through their participation in this working group|
!Cloud security training we recommend for the healthcare industry.
The whole premise of the training is to train and educate healthcare professionals in the cloud.
More important than earning a certificate, is having robust training for the community working with healthcare organizations. For cybersecurity professionals who are new to the cloud, the ''Certificate of Cloud Security Knowledge'' (CCSK) is a good place to start as it will give them a vendor-neutral understanding of cloud computing and security best practices. Once a baseline of knowledge is established, the ''Certificate of Cloud Auditing Knowledge'' (CCAK) in particular should be helpful for the core security people in healthcare.
!Join the Health Information Management Working Group
By joining this working group, you will be able to help influence how health information service providers deliver secure cloud solutions (services, transport, applications and storage) to their clients, and foster cloud awareness within all aspects of healthcare and related industries. You can +++^*[view the latest research] https://cloudsecurityalliance.org/research/working-groups/health-information-management/ === created by this group or +++^*[join as a volunteer here] https://cloudsecurityalliance.org/research/working-groups/health-information-management/ ===.
!References
* https://vexxhost.com/blog/cloud-computing-in-healthcare/
* Market Guide Published for cloud service providers to Healthcare Delivery Organizations, Analyst, Gregg Pessin, ID G00034798
* https://www.techrepublic.com/article/why-70-of-healthcare-orgs-have-suffered-data-breaches/
!Other industry statistics
* According to the Protenus healthcare breach report in 2020, over 41 million patient records have been breached and there has been a 48.6% jump in reported hacking incidents.
* Healthcare was listed in the top three costliest industries for a breach in 2020 according to IBM’s data breach report.
<<<
//__Lien__ → https://cloudsecurityalliance.org/blog/2021/01/29/resources-to-help-address-cybersecurity-challenges-in-healthcare/
<<tiddler [[arOund0C]]>>
!//IoT Security Controls Framework v2//
[>img(200px,auto)[iCSA/L1SPG.jpg]][>img(200px,auto)[iCSA/L1SPC.jpg]]Le groupe de travail IoT de la CSA a publié deux documents le 28 janvier.
<<<
//The ''IoT Security Controls Framework'' Version 2 is relevant for enterprise IoT systems that incorporate multiple types of connected devices, cloud services, and networking technologies. The ''Framework'' has utility across many IoT domains from systems processing only “low-value” data with limited impact potential, to highly sensitive systems that support critical services. The classification of a system is assigned by the system owner based on the value of the data being stored and processed and the potential impact of various types of physical security threats. 

Updates for Version 2 include.
* Updated Controls - All Controls have been reviewed and updated for technical clarity
* New Domain Structure - Control domains have been reviewed and updated to better categorize each control.
* New Legal Domain - Introduces relevant legal controls
* New Security Testing Domain - Introduces Security testing of architectural allocations.
* Simplified Infrastructure Allocations - Device types have been consolidated to a single type in order to simplify the allocation of controls to architectural components.

The Guide to the ''IoT Security Controls Framework'' Version 2 provides instructions for using the companion CSA ''IoT Security Controls Framework'' v2. This guide explains how to use the framework to evaluate and implement an IoT system for your organization by providing a column by column description and explanation.//
<<<
!Liens
* Communiqué de presse "Cloud Security Alliance’s New Internet of Things (IoT) Security Controls Framework Allows for Easier Evaluation, Implementation of Security Controls within IoT Architectures"
** ⇒ https://cloudsecurityalliance.org/press-releases/2021/01/28/cloud-security-alliance-s-new-internet-of-things-iot-security-controls-framework-allows-for-easier-evaluation-implementation-of-security-controls-within-iot-architectures/
* Annonce et téléchargement du Cadre ⇒ https://cloudsecurityalliance.org/artifacts/csa-iot-security-controls-framework-v2/
** Téléchargement direct ⇒ https://cloudsecurityalliance.org/download/artifacts/csa-iot-security-controls-framework-v2/
* Annonce et téléchargement du Guide ⇒ https://cloudsecurityalliance.org/artifacts/guide-to-the-internet-of-things-iot-security-controls-framework-v2/
** Téléchargement direct ⇒ https://cloudsecurityalliance.org/download/artifacts/guide-to-the-internet-of-things-iot-security-controls-framework-v2/
<<tiddler [[arOund0C]]>>
!//Earning Trust in the 21st Century//
[>img(200px,auto)[iCSA/L1QPE.jpg]]Le Chapitre CSA de la région de Washington DC a publié un document sur le thème de la confiance numérique, et un blog associé intitué "Earning Trust in the 21st Century - Creating Trust Frameworks in a Zero Trust World"
<<<
//In today’s interconnected and technology reliant world, the expectation of trust and need to trust is growing. Today’s trust-based solutions may become non-viable in the future. As use of the cloud grows, we are experiencing a shift in resource allocation from on-premise to off-premise systems. As systems move to cloud-hosted environments, the loss of control over the access network becomes a concern. Today’s trust-based solutions typically start at the network level. If a user has access to a network, they are typically trusted to have access to some or all of the resources, data, and systems on that network.

But, when networks are unknown and untrusted, how is trust acquired? Zero Trust architectures seek to provide access control techniques that assume the network is not trustworthy. One of the approaches suggested by industry is the use of trust scores. Like a credit score, a cyber trust score could be used to assess the risk potential associated with allowing any given user access to systems and information. But how would a trust score be calculated? Current approaches smack of a violation of privacy where the right to gain access is issued only by agreeing to be monitored.

This paper addresses the technical, social, policy, and regulatory issues associated with creating trust frameworks in a Zero Trust world. Industry and government are called to solve issues in ways that continue to protect the right to a users’ privacy.//
<<<
!!!Liens
* Annonce et téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/earning-trust-in-the-21st-century/
** Téléchargement direct ⇒ https://cloudsecurityalliance.org/download/artifacts/earning-trust-in-the-21st-century/
* Article de blog → ​https://cloudsecurityalliance.org/blog/2021/01/26/earning-trust-in-the-21st-century/
<<tiddler [[arOund0C]]>>
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #100|2021.01.24 - Newsletter Hebdomadaire #100]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #100|2021.01.24 - Weekly Newsletter - #100]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2021.01.24 - Newsletter Hebdomadaire #100]]>> |<<tiddler [[2021.01.24 - Weekly Newsletter - #100]]>> |
|>|<<tiddler [[2021.01.24 - Veille Hebdomadaire - 24 janvier]]>>|
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 18 au 24 janvier 2021
!!1 - Informations CSA - 18 au 24 janvier 2021

* Actu[img[iCSF/flag_fr.png]]: ''[[Point de situation sur l'incident Solarwinds/SolarStorm|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Formation[img[iCSF/flag_fr.png]]: prochaine session CCSK en français en mars 2021+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
* Publication de la CCM v4 (''Cloud Controls Matrix version 4'') +++*[»]> <<tiddler [[2021.01.21 - Annonce : Publication de la version 4 de la Cloud Controls Matrix (CCM v4)]]>>=== 
* Suite de l'appel à commentaires ENISA (schéma de certification)+++*[»]> <<tiddler [[2021.01.21 - Actu : Appel à commentaires de l'ENISA sur un schéma européen de certification Cloud]]>>=== 
* Appel à commentaires sur le document 'Business Continuity Disaster Recovery as a Service' de la CSA+++*[»]> <<tiddler [[2021.01.18 - Actu : Appel à commentaires 'Business Continuity Disaster Recovery as a Service']]>>=== 
* Document ENISA 	'Cloud Security For Healthcare Services'+++*[»]> <<tiddler [[2021.01.18 - Publication ENISA : 'Cloud Security For Healthcare Services']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 50 liens|2021.01.24 - Veille Hebdomadaire - 24 janvier]])

* __''À lire''__
** ''"Securing Cloud Services for Health" (ENISA)''
** ''Un des derniers décrets du Président Trump sur des restriction d'utilisation des plateformes Cloud contre les intérêts américains''

* __Menaces__
** "Cloud-Native Threats in 2021" (Hackmageddon) • "How Hybrid Cloud could be More Vulnerable to Threats" (Rick Blaisdell)

* __Rapports, Publications__
** Rapports : "Cloud Services Confidence Grows" (Barracuda)
** Publications : "Designing and deploying a data security strategy with Google Cloud" (Anton Chuvakin & //SideChain//)

* __Cloud Services Providers, Outils__
** AWS : Clusters EKS sur AWS • Accès à des ressources AWS via tunnel SSH et serveurs bastions
** Azure : Clusters dédiés pour Azure Sentinel • Azure AD: utilisation des certificats, Supervision
** GCP : Rôles IAM et astuces pour résoudre les problèmes • Gestion de GKE par l'exemple
** Kubernetes : Escalation de privilège K8s (//Bishop Fox//) • Comparaison EKS / GKE / AKS (//Stackrox//) • Bonnes pratiques sécurité RKE (//Stackrox//) 
** Outils: "Threat Injector"? pour Azure Sentinel (Christophe Parisel) • "Aziverso", extension Microsoft Office pour Microsoft Azure (Nino Crudele)

* __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts__
** Veilles: TL;DR Security #71 • The Cloud Security Reading List #67
** Podcasts: "Researching Cloud Vulnerabilities" (SilverLining) • "Defining Your Consultancy Niche Part 2 with Scott Piper" • "Red Team In Cloud" (Cloud Security Podcast)
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L1O/|https://CloudSecurityAlliance.fr/go/L1O/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - January 18th to 24th, 2021
!!1 - CSA News and Updates - January 18th to 24th, 2021

* News[img[iCSF/flag_fr.png]]: ''[[Status of the SolarWinds/SolarStorm incident|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Training[img[iCSF/flag_fr.png]]: Online CCSK training in March+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
* Publication of ''Cloud Controls Matrix version 4'' (CCM v4)+++*[»]> <<tiddler [[2021.01.21 - Annonce : Publication de la version 4 de la Cloud Controls Matrix (CCM v4)]]>>=== 
* Supporting documents for the ENISA Call on Certification of Cloud Services+++*[»]> <<tiddler [[2021.01.21 - Actu : Appel à commentaires de l'ENISA sur un schéma européen de certification Cloud]]>>=== 
* Call for Comments on the 'Business Continuity Disaster Recovery as a Service' CSA draft+++*[»]> <<tiddler [[2021.01.18 - Actu : Appel à commentaires 'Business Continuity Disaster Recovery as a Service']]>>=== 
* ENISA document 'Cloud Security For Healthcare Services'+++*[»]> <<tiddler [[2021.01.18 - Publication ENISA : 'Cloud Security For Healthcare Services']]>>=== 
!!2 - Cloud and Security News Watch ([[over 50 links|2021.01.24 - Veille Hebdomadaire - 24 janvier]])

* __''Must read''__
** ''"Securing Cloud Services for Health" (ENISA)''
** ''Final Trump Executive Order on Restricting Foreign Malicious Cyber Activities of Cloud Companies''

* __Threats__
** "Cloud-Native Threats in 2021" (Hackmageddon) • "How Hybrid Cloud could be More Vulnerable to Threats" (Rick Blaisdell)

* __Reports, Publications__
** Reports: "Cloud Services Confidence Grows" (Barracuda)
** Publications: "Designing and deploying a data security strategy with Google Cloud" (Anton Chuvakin & //SideChain//)

* __Cloud Services Providers, Tools__
** AWS: Federated Amazon EKS Clusters on AWS • AWS Resources Access With SSH Tunnels and Bastion Hosts
** Azure: Dedicated clusters for Azure Sentinel • Azure AD: Auto Validate Exposed Credentials, Client Credentials With Certificate, Monitoring
** GCP: IAM Custom Role and Permissions Debugging Tricks • GCP Operations for GKE by Example
** Kubernetes: K8s Pod Privilege Escalation (//Bishop Fox//) • EKS vs GKE vs AKS (//Stackrox//) • RKE Security Best Practices (//Stackrox//) 
** Tools: "Threat Injector"? for Azure Sentinel (Christophe Parisel) • "Aziverso", Microsoft Office add-in for Microsoft Azure (Nino Crudele)

* __Weekly 'Cloud and Security' Watch, Podcasts__
** Newsletters: TL;DR Security #71 • The Cloud Security Reading List #67
** Podcasts: "Researching Cloud Vulnerabilities" (SilverLining) • "Defining Your Consultancy Niche Part 2 with Scott Piper" • "Red Team In Cloud" (Cloud Security Podcast)
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L1O/|https://CloudSecurityAlliance.fr/go/L1O/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 18 au 24 janvier 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|2021.01.18|ENISA|!Securing Cloud Services for Health [[Announcement|https://www.enisa.europa.eu/news/enisa-news/securing-cloud-services-for-health]], [[details|https://www.enisa.europa.eu/publications/cloud-security-for-healthcare-services]], [[publication|https://www.enisa.europa.eu/publications/cloud-security-for-healthcare-services/at_download/fullReport]] |ENISA Healthcare|
|>|>|>||
|>|>|>|!Menaces / Threats |
|2021.01.21|Hackmageddon|[[Cloud-Native Threats in 2021|https://www.hackmageddon.com/2021/01/21/cloud-native-threats-in-2021/]]|Threats|
|2021.01.21|Dark Reading|[[Cloud Jacking: The Bold New World of Enterprise Cybersecurity|https://www.darkreading.com/cloud/cloud-jacking-the-bold-new-world-of-enterprise-cybersecurity/a/d-id/1339896]]|Threats|
|2021.01.18|Rick Blaisdell|[[How Hybrid Cloud could be More Vulnerable to Threats|https://rickscloud.com/how-hybrid-cloud-could-be-more-vulnerable-to-threats/]]|Threats|
|>|>|>||
|>|>|>|!Rapports, Publications / Reports, Publications |
|>|>|>|''Rapports / Reports'' |
|2021.01.24|Barracuda Networks|[[Cloud networks: Shifting into hyperdrive|https://www.barracuda.com/sase-report]]|Report|
|2021.01.24|MSSP Alert| → [[Report: Cloud Services Confidence Grows Despite Security Concerns|https://www.msspalert.com/cybersecurity-research/report-cloud-services-confidence-grows-despite-security-concerns/]]|Report|
|>|>|>|''Publications'' |
|2021.01.22|Anton Chuvakin|![[From Google Cloud Blog: "New whitepaper: Designing and deploying a data security strategy with Google Cloud"|https://medium.com/anton-on-security/from-google-cloud-blog-new-whitepaper-designing-and-deploying-a-data-security-strategy-with-50de78f2380a]]|GCP|
|2021.01.22|//Google Cloud//| → [[New whitepaper: Designing and deploying a data security strategy with Google Cloud|https://cloud.google.com/blog/products/identity-security/start-a-data-security-program-in-a-cloud-native-way-on-google-cloud]]|GCP|
|2021.01.22|//SideChain//| → [[Don’t lift and shift your data protection strategy to the cloud|https://sidechainsecurity.com/data-protection-in-the-cloud/]]|GCP|
|2021.01.22|//SideChain//| → [[Designing and deploying a data security strategy with Google Cloud|https://services.google.com/fh/files/misc/designing_and_deploying_data_security_strategy.pdf]]|GCP|
|>|>|>||
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2021.01.22|//Amazon AWS//|[[Amazon GuardDuty enhances security incident investigation workflows through new integration with Amazon Detective|https://aws.amazon.com/about-aws/whats-new/2021/01/amazon-guardduty-enhances-security-incident-investigation-workflows-through-new-integration-with-amazon-detective/]]|AWS_GuardDuty|
|2021.01.20|//Amazon AWS//|[[Using Route 53 Private Hosted Zones for Cross-account Multi-region Architectures|https://aws.amazon.com/blogs/architecture/using-route-53-private-hosted-zones-for-cross-account-multi-region-architectures/]]|AWS Route_53|
|2021.01.20|//Amazon AWS//|[[AWS Certificate Manager Private Certificate Authority now supports additional certificate customization|https://aws.amazon.com/about-aws/whats-new/2021/01/aws-certificate-manager-private-certificate-authority-additional-certificate-customization/]]|AWS Certificates|
|2021.01.19|//Amazon AWS//|[[Introducing Federated Amazon EKS Clusters on AWS|https://aws.amazon.com/about-aws/whats-new/2021/01/introducing-federated-amazon-eks-clusters-aws/]]|AWS EKS|
|2021.01.19|//Amazon AWS//|[[Amazon ECS now supports VPC Endpoint policies|https://aws.amazon.com/about-aws/whats-new/2021/01/amazon-ecs-supports-vpc-endpoint-policies/]]|AWS VPC|
|2021.01.18|//Amazon AWS//|[[Baffle DPS on AWS simplifies tokenization and encryption of data stored in Amazon RDS|https://www.helpnetsecurity.com/2021/01/18/baffle-aws/]]|AWS|
|2021.01.18|//Upstart//|[[A Step-by-Step Approach to a Secure AWS Environment|https://www.rsaconference.com/industry-topics/blog/a-step-by-step-approach-to-a-secure-aws-environment]]|AWS|
|2021.01.18|DZone|[[How to Connect to Private AWS Resources With SSH Tunnels and Bastion Hosts|https://dzone.com/articles/how-to-connect-to-private-aws-resources-with-ssh-t]]|AWS SSH|
|>|>|>|''Azure (Microsoft)'' |
|2021.01.21|//Microsoft Azure//|[[What's new in Azure Security Center?|https://docs.microsoft.com/en-us/azure/security-center/release-notes#vulnerability-assessment-for-on-premise-and-multi-cloud-machines-is-generally-available]]|Azure|
|2021.01.19|//Microsoft Azure//|[[What’s new: Dedicated clusters for Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-dedicated-clusters-for-azure-sentinel/ba-p/2072539]]|Azure_Sentinel|
|2021.01.20|//Microsoft Azure//|[[Connect Azure Active Directory (Azure AD) data to Azure Sentinel|https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-active-directory]]|
|2021.01.19|//Digital Shadows//|[[Azure AD: Auto Validate Exposed Credentials|https://www.digitalshadows.com/blog-and-research/azure-ad-auto-validate-exposed-credentials/]]|AzureAD|
|2021.01.19|Sebastiaan van Putten|[[Get insight into your Azure RBAC role assignments|https://www.seb8iaan.com/get-insight-into-your-azure-rbac-role-assignments/]]|Azure RBAC|
|2021.01.19|SecureCloud Blog|[[GitHub Repo: Azure AD Client Credentials With Certificate|https://securecloud.blog/2021/01/19/github-repo-azure-ad-client-credentials-with-certificate/]]|AzureAD|
|2021.01.20|SecureCloud Blog|[[Project Log 0 : Monitor logins by accounts assigned Azure AD roles|https://securecloud.blog/2021/01/20/project-log-0-monitor-logins-by-accounts-assigned-azure-ad-roles/]]|AzureAD|
|>|>|>|''GCP (Google)'' |
|2021.01.22|//Google Cloud//|[[Take the first step toward SRE with Cloud Operations Sandbox|https://cloud.google.com/blog/products/operations/on-the-road-to-sre-with-cloud-operations-sandbox]]|GCP Reliability|
|2021.01.19|//Google Cloud//|[[Enforcing least privilege by bulk-applying IAM recommendations|https://cloud.google.com/blog/products/identity-security/using-iam-recommender-to-bulk-apply-least-privilege-principles]]|GCP IAM|
|2021.01.18|//Darkbit//|[[Google Cloud IAM Custom Role and Permissions Debugging Tricks |https://darkbit.io/blog/google-cloud-custom-iam-role-debugging-tricks]]|GCP|
|2021.01.17|//Codeburst//|[[Google Cloud Operations for GKE by Example|https://codeburst.io/google-cloud-operations-for-gke-by-example-a4a828e583f6]]|GCP GKE|
|>|>|>|''Oracle'' |
|2021.01.20|//Oracle Cloud//|[[Tools for Improving Cloud Security Posture Management While Maintaining Privacy|https://blogs.oracle.com/cloudsecurity/improving-cloud-security-posture-management-while-maintaining-privacy]]|CSPM|
|>|>|>|''Kubernetes'' |
|2021.01.19|//Bishop Fox//|[[Bad Pods: Kubernetes Pod Privilege Escalation|https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation]]|K8s|
|2021.01.19|//Darkbit//|[[Kubernetes Honey Token|https://darkbit.io/blog/k8s-honey-token]]|K8s|
|2021.01.18|//Stackrox//|![[EKS vs GKE vs AKS - Evaluating Kubernetes in the Cloud|https://www.stackrox.com/post/2021/01/eks-vs-gke-vs-aks-jan2021/]] |K8s Comparison|
|2021.01.20|//Stackrox//|[[Part 1 - Rancher Kubernetes Engine (RKE) Security Best Practices for Cluster Setup|https://www.stackrox.com/post/2021/01/part-1-rancher-kubernetes-engine-rke-security-best-practices-for-cluster-setup/]] (1/4)|K8s|
|2021.01.21|//Stackrox//|[[Part 2 - Rancher Kubernetes Engine (RKE) Security Best Practices for Authentication, Authorization, and Cluster Access|https://www.stackrox.com/post/2021/01/part-2-rancher-kubernetes-engine-rke-security-best-practices-for-authentication-authorization-and-cluster-access/]] (2/4)|K8s|
|2021.01.22|//Stackrox//|[[Part 3 - Rancher Kubernetes Engine (RKE) Security Best Practice for Container and Runtime Security|https://www.stackrox.com/post/2021/01/part-3-rancher-kubernetes-engine-rke-security-best-practice-for-container-and-runtime-security/]] (3/4)|K8s|
|2021.01.25|//Stackrox//|[[Part 4 - Rancher Kubernetes Engine (RKE) Security Best Practice for Cluster Maintenance and Network Security|https://www.stackrox.com/post/2021/01/part-4-rancher-kubernetes-engine-rke-security-best-practice-for-cluster-maintenance-and-network-security/]]||
|2021.01.20|//Hashed Out//|[[3 Common Kubernetes Security Challenges & How to Address Them|https://www.thesslstore.com/blog/common-kubernetes-security-challenges-how-to-address-them/]]|K8s|
|>|>|>|''Workloads'' |
|2020.01.20|//Intezer//|[[Cloud Workload Security: Part 4 – Explaining the Security Features of GCP|https://www.intezer.com/blog/cloud-security/cloud-workload-security-part-4-explaining-the-security-features-of-gcp/]] (4/5)|GCP Workload|
|>|>|>|''Outils / Tools'' |
|2021.01.18|Christophe Parisel|![[Introducing "threat injector"? for Azure Sentinel|https://www.linkedin.com/pulse/introducing-threat-injector-azure-sentinel-christophe-parisel/]]|Tools Azure|
|2021.01.18|Nino Crudele|[[Aziverso - Microsoft Office add-in for Microsoft Azure - a brand new version released!|https://ninocrudele.com/aziverso-microsoft-office-add-in-for-microsoft-azure-a-brand-new-version-released]]|Pentesting Azure|
|2021.01.18|Nino Crudele| → [[Aziverso|https://aziverso.com/]]|~|
|2021.01.20|MSSP Alert|[[FireEye Unveils Microsoft 365 Security Tool for Global Organizations|https://www.msspalert.com/cybersecurity-services-and-products/fireeye-microsoft-365-security-tool/]]|Tools|
|>|>|>||
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts / Weekly 'Cloud and Security' Watch, Podcasts |
|>|>|>|''Veilles / Newsletters'' |
|2021.01.24|Marco Lancini|[[The Cloud Security Reading List #71|https://cloudseclist.com/issues/issue-71/]] |Weekly_Newsletter|
|2021.01.20|TL;DR Security|[[#67 - Infra as Code, Cloud Auto-remediation, C.R.E.A.M|https://tldrsec.com/blog/tldr-sec-067/]] |Weekly_Newsletter|
|>|>|>|''Podcasts'' |
|2021.01.24|Cloud Security Podcast|[[Cloud Security in Japan - Cloud Security Podcast the Tokyo edition|https://anchor.fm/cloudsecuritypodcast]]|Podcast|
|2021.01.24|Cloud Security Podcast|[[Red Team In Cloud - Brianna Malcolmson, Atlassian|https://anchor.fm/cloudsecuritypodcast/episodes/RED-TEAM-IN-CLOUD---Brianna-Malcolmson--Atlassian-epcshf]]|Podcast|
|2021.01.21|Screaming in the Cloud|[[Defining Your Consultancy Niche Part 2 with Scott Piper|https://www.lastweekinaws.com/podcast/screaming-in-the-cloud/best-practices-for-aws-security-part-1-with-scott-piper/]] ([[mp3|https://dts.podtrac.com/redirect.mp3/media.transistor.fm/a148c694/c2dbd8b8.mp3]] (2/2)|Podcast|
|2021.01.18|SilverLining IL|[[Episode 33: Researching Cloud Vulnerabilities|https://silverlining-il.castos.com/episodes/episode-33-researching-cloud-vulnerabilities]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/silverlining-podcast-33.mp3]])|Podcast|
|>|>|>||
|>|>|>|!Juridique / Legal |
|2021.01.19|US White House|![[Executive Order on Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities|https://trumpwhitehouse.archives.gov/presidential-actions/executive-order-taking-additional-steps-address-national-emergency-respect-significant-malicious-cyber-enabled-activities/]]|US Legal|
|2021.01.19|//Duo Security//| → [[Trump Executive Order Focuses on Rules for Cloud Providers|https://duo.com/decipher/trump-executive-order-focuses-on-rules-for-cloud-providers]]|US Legal|
|2021.01.20|Bloomberg| → [[Trump Signs Order to Restrict Foreign Use of Cloud Companies|https://www.bloomberg.com/news/articles/2021-01-20/trump-signs-order-to-restrict-foreign-use-of-cloud-companies]] |US Legal|
|2021.01.21|JDSupra| → [[A Final Trump EO Would Regulate Cloud, Software and Remote Computing Services|https://www.jdsupra.com/legalnews/a-final-trump-eo-would-regulate-cloud-7706631/]]|US Legal|
|>|>|>||
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''DNS'' |
|2021.01.19|//Verisign//|[[Securing the DNS in a Post-Quantum World: New DNSSEC Algorithms on the Horizon|https://blog.verisign.com/security/securing-the-dns-in-a-post-quantum-world-new-dnssec-algorithms-on-the-horizon/]] (4/6)|!DNS|
|2021.01.21|//Verisign//|[[Securing the DNS in a Post-Quantum World: Hash-Based Signatures and Synthesized Zone Signing Keys|https://blog.verisign.com/security/securing-the-dns-in-a-post-quantum-world-hash-based-signatures-and-synthesized-zone-signing-keys/]] (5/6)|!DNS|
|>|>|>|''Autres / Others'' |
|2021.01.21|Le MagIT[img[iCSF/flag_fr.png]]|[[Six bonnes pratiques pour protéger ses applications SaaS|https://www.lemagit.fr/conseil/Six-bonnes-pratiques-pour-proteger-ses-applications-SaaS]]|SaaS|
|2021.01.27|//Wandera//|[[How to avoid the biggest mistakes with your SaaS security|https://www.wandera.com/how-to-avoid-the-biggest-mistakes-with-your-saas-security/]]|SaaS|
|2021.01.22|TechTarget|[[How to create a cloud security policy, step by step|https://searchcloudsecurity.techtarget.com/tip/How-to-create-a-cloud-security-policy-step-by-step]]|Security_Policy|
|2021.01.22|TechTarget|[[Private vs. public cloud security: Benefits and drawbacks|https://searchcloudsecurity.techtarget.com/tip/Private-vs-public-cloud-security-Benefits-and-drawbacks]]|Misc|
|2021.01.22|TechTarget|[[5 PaaS security best practices to safeguard the application layer|https://searchcloudsecurity.techtarget.com/tip/5-PaaS-security-best-practices-to-safeguard-the-application-layer]]|PaaS|
|2021.01.20|(ISC)2|[[Is Your Security Team Cloud Ready?|https://www.isc2.org/Articles/Is-Your-Security-Team-Cloud-Ready]]|Misc|
|2021.01.18|MDPI|![[Cyber Threat Intelligence Framework for Incident Response in an Energy Cloud Platform|https://www.mdpi.com/2079-9292/10/3/239]] |Incident_Response|
|>|>|>||
<<tiddler [[arOund0C]]>>
!Synthèse
[>img(300px,auto)[iCSA/L1LBT.png]]
La Cloud Security Alliance (CSA) a annoncé le 21 janvier la disponibilité de la nouvelle version de la Matrice de Contrôle du Cloud (''Cloud Controls Matrix''), l'une de ses publications phares : la ''CCM v4''.
Elle comprend des contrôles supplémentaires en matière de sécurité et de confidentialité dans le Cloud et couvre les exigences découlant des nouvelles technologies du Cloud, l'amélioration des contrôles, l'amélioration de l'interopérabilité et de la compatibilité avec d'autres normes, et l'élargissement des offres de support pour naviguer dans le modèle de responsabilité partagée du Cloud.
La ''CCM v4'' constitue une mise à jour importante par rapport à la version 3.0.1 en introduisant des changements dans la structure du cadre avec :
* un nouveau domaine dédié à la journalisation et à la surveillance (//LOG//, ou //Logging and Monitoring//)
* à des modifications dans les domaines existants, notamment :
** la gouvernance, les risques et la conformité (//GRC// ou //Governance, Risk and Compliance//)
** l'audit et l'assurance (//A&A// ou //Auditing and Assurance//)
** la gestion unifiée des points d'accès (//UEM// ou //Unified Endpoint Management//)
** la cryptographie, le cryptage et la gestion des clés (//CEK// ou //Cryptography, Encryption and Key management //).
Elle comporte donc maintenant :
* 17 domaines au lieu de 16 précédemment
* 197 contrôles contre 133 auparavant.
En termes de planning, les documents associés seront publiés au cours de l'année 2021 :
* En février 2021, les 64 nouveaux contrôles seront accompagnés de correspondances avec les normes ISO/IEC 27001-2013, ISO/IEC 27017-2015, ISO/IEC 27018-2019, AICPA TSC v2017 et CCM V3.0.1.
* 2ème trimestre 2021 :
** publication du document "CCM Implementation Guidelines" avec les directives de mise en œuvre de la CCM
** publication du document "Consensus Assessments Initiative Questionnaire" (CAIQ)" avec le cuestionnaire relatif aux contrôles de la CCM
** publication du document "Control Applicability Matrix" avec une aide à la définition de l'attribution des responsabilités entre les fournisseurs de services en nuage et les clients
** publication du document "Organizational Relevance" avec une aide pour définir la pertinence organisationnelle de chaque contrôle sur la base des travaux effectués par le groupe de travail sur l'architecture d'entreprise de la CSA
* 3ème trimestre 2021 :
** publication du document "CCM Auditing Guidelines" avec les directives pour soutenir l'audit et l'évaluation des contrôles des CCM
* 4ème trimestre 2021 : "CCM Lite" avec une version allégée de la CCM, comprenant un sous-ensemble des contrôles qui représentent les plus importants
Outre les initiatives ci-dessus, la CSA travaillera au cours de l'année 2021 à 
* la création d'une cartographie supplémentaire des normes, des meilleures pratiques, des lois et des règlements pertinents (par exemple, NIST 800-53 Rev 5, contrôles de sécurité de l'ENISA pour les services Cloud, contrôles CIS, PCI-DSS)
* la traduction dans plusieur langues, dont le français. Aucune date n'est encore fixée.
La ''CCM v4'' est bien entendu une ressource gratuite et peut être téléchargée dès maintenant.
!!Liens
* Annonce ''Cloud Security Alliance's New Cloud Controls Matrix v4 Adds New Log and Monitoring Domain and More Than 60 New Cloud Security Controls Model''
:⇒ https://cloudsecurityalliance.org/press-releases/2021/01/21/cloud-security-alliance-s-new-cloud-controls-matrix-v4-adds-new-log-and-monitoring-domain-and-more-than-60-new-cloud-security-controls/
* Blog : ''The CSA Cloud Controls Matrix (CCM) V4: Raising the cloud security bar to the next level''
:→ https://cloudsecurityalliance.org/blog/2021/01/21/the-csa-cloud-controls-matrix-ccm-v4-raising-the-cloud-security-bar-to-the-next-level/
* Téléchargement ''CCM v4'' (format XLSX)
:⇒ https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4/
!Complément sur l'appel à commentaires sur le 'European Cybersecurity Certification Scheme for Cloud Services'"
[>img(400px,auto)[iCSF/L1BWE.jpg]]Suite au webinaire organisé le 11 janvier, l'ENISA a mis à disposition les élements utilisés
L'objectif de ce webinaire était d'informer sur le projet de schéma européen de certification Cloud dont la consultation publique est ouverte jusqu'au 7 février 2021.
Eric Vétillard, expert principal en certification de l'ENISA a présenté les grands principes et a répondu aux questions posées.
La présentation a fait un point d'avancement, expliqué les choix et défini les concepts associés tels que :
* Les trois niveaux d'assurance
* La méthode d'évaluation
* Les sous-services
* L'organisation des contrôles de sécurité
* Les exigences de transparence (documentation disponible pour les clients).
En conclusion, le webinaire a passé en revue les prochaines étapes est évolutions telles que
* L'amélioration du projet actuel en tenant compte des commentaires
* Les expérimentations basées sur le projet pour tester des exigences spécifiques ou la méthode d'évaluation
* L'adaptation du schéma de certification pour en assurer la cohérence
L'article initial sur l'appel à commentaires publié le 23 décembre 2020 est disponible +++[ici]> <<tiddler [[2020.12.23 - Blog : Appel à commentaires de l'ENISA sur un schéma européen de certification Cloud]]>> === 
!Liens
* une synthèse du webinaire
:→ https://www.enisa.europa.eu/news/synopsis-of-webinar-on-certification-of-cloud-services
* les slides présentées lors du webinaire
:→ https://www.enisa.europa.eu/events/eventfiles/enisa-cybersecurity-certification-of-cloud-services-presentation
* l'enregistrement audio et vidéo du webinaire
:→ https://www.youtube.com/watch?v=Yn29pui04-I
<<tiddler [[arOund0C]]>>
!"//Business Continuity Disaster Recovery as a Service//"
Publication du 18 janvier 2021. Date limite de soumission des commentaires : 16 février 2021
<<<
//The purpose of the Security as a Service Business Continuity Disaster Recovery Volume 2 paper is to discuss some of the architectures available, the services offered, and the considerations and best practices to ensure an organization can back up its data and IT infrastructure making it possible to regain access and functionality after a disaster.

This document has been written for system auditors, system engineers, system architects, system implementers, system administrators, project planners, project coordinators, cloud architects, cloud engineers, and cloud administrators of private/public/hybrid/community cloud consumers and anyone interested in the recovery of IT systems and services as provided by service providers and other 3rd Parties.//
<<<
__Lien__
* Annonce et téléchargement → https://cloudsecurityalliance.org/artifacts/secaas-bcdr-v2/
!Étude 'Cloud Security For Healthcare Services' de l'ENISA
[>img(200px,auto)[iCSF/K1IEC.png]]Cette étude propose des bonnes pratiques de sécurité dans le Cloud pour le secteur de la santé. Il identifie également les aspects de sécurité, dont ceux liés à la protection des données, à prendre en compte lors de l'achat de services dans le Cloud
L'identification des menaces et des risques pertinents pour les services en nuage dans le secteur des soins de santé et 
les exigences en matière de sécurité et de protection des données sont également couvertes par le présent rapport.
Il présente aussi des cas d'usges, leur analyse des menaces et les mesures de sécurité associées.
!!!Table des matières
<<<
{{ss2col{1. Introduction
1.1 Context Of The Report
1.2 Objective
1.3 Scope
1.4 Target Audience
1.5 Methodology
1.6 Structure Of The Document
2. Healthcare In The Cloud
2.1 Policy Context
2.1.1 The Network And Information Security Directive (Nisd)
2.1.2 General Data Protection Regulation
2.1.3 Non Regulatory Guidelines
2.2 Cloud Computing Basics
2.2.1 Cloud Services
2.2.2 Cloud Deployment Models
2.2.3 Division Of Responsibilities
2.3 Types Of Cloud Services In Healthcare
3. Cybersecurity Considerations In Cloud For Healthcare
3.1 Cloud Security Challenges For Healthcare
3.2 Data Protection Challenges In The Cloud
3.3 Cybersecurity Threats
4. Use Cases
4.1 Use Case 1 - Electronic Health Record
4.2 Use Case 2 – Remote Care
4.3 Use Case 3 – Medical Devices
5. Cloud Security Measures
5.1 Cloud Security Measures And Good Practices
6. Conclusion
7. References
A Annex: General Practices
B Annex: Mapping Of Security Measures}}}
<<<
!Mesures de sécurité
Les 17 mesures proposées dans l'annexe B du document sont les suivantes :
|SM-01|Identify security and data protection requirements|
|SM-02|Conduct a risk assessment and data protection impact assessment |
|SM-03|Establish processes for security and data protection incident management |
|SM-04|Ensure business continuity and disaster recovery |
|SM-05|Termination and secure data deletion |
|SM-06|Auditing, logging and monitoring |
|SM-07|Implement vulnerability and patch management |
|SM-08|Manage assets and classify information |
|SM-09|Enable data encryption for data at rest and data in transit |
|SM-10|Ensure security of encryption keys |
|SM-11|Data portability and interoperability |
|SM-12|Client and endpoint protection |
|SM-13|Authentication and access control |
|SM-14|Information security awareness, education and training |
|SM-15|Network Security |
|SM-16|Review isolation between tenants |
|SM-17|Physical and environmental security |
!Liens
* Annonce ⇒ https://www.enisa.europa.eu/news/enisa-news/securing-cloud-services-for-health
* Téléchargement ⇒ https://www.enisa.europa.eu/publications/cloud-security-for-healthcare-services/at_download/fullReport
<<tiddler [[arOund0C]]>>
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #99|2021.01.17 - Newsletter Hebdomadaire #99]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #99|2021.01.17 - Weekly Newsletter - #99]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2021.01.17 - Newsletter Hebdomadaire #99]]>> |<<tiddler [[2021.01.17 - Weekly Newsletter - #99]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 11 au 17 janvier 2021
!!1 - Informations CSA - 11 au 17 janvier 2021

* Actu[img[iCSF/flag_fr.png]]: ''[[Point de situation sur l'incident Solarwinds/SolarStorm|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Formation[img[iCSF/flag_fr.png]]: prochaine session CCSK en français en mars 2021+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 100 liens|2021.01.17 - Veille Hebdomadaire - 17 janvier]])

* __''À lire''__
** ''AWS Security Maturity Roadmap 2021 (Scott Piper)''
** ''HITRUST collabore avec AWS et Microsoft Azure pour améliorer l'approche 'Shared Responsibility' ''
** ''Des attaquants tirent profit d'une mauvaise cyber hygiène pour compromettre la sécurité des environnements Cloud (CISA)''
** ''Rapport AR21-013A du CISA sur le contournement de l'authentification multi-facteur pour accéder aux ressources et services Cloud ''
** ''Hawk - un outil Powershell pour collecter des informations sur des intrusions O365 et des fuites potentielles (Paul Navarro)''

* __Attaques, Incidents__
** Attaques : Cloud Threat Hunting - Lateral Movement (//Checkpoint//) • Vols de comptes AWS et Docker via des scripts malveillants (//Trendmicro//) •  'Chimera', un groupe d'attaquants qui abuse des services Cloud (//Fox-IT// and //NCC Group//)
** Incidents : Piratage de certificats de Mimecast dans la chaîne de messagerie

* __Menaces__
** Blocage des détournement de sous-domaines Azure

* __Bonnes Pratiques__
** Fondamentaux de Microsoft Azure (//Tripwire//)

* __Rapports__
** 'Cloud Security Report 2021' (//Wandera//, //Netwrix//) • '2021 Container Security and Usage Report' (//Sysdig//) • Exposition Internet de DNS-over-TLS (//Rapid7//)

* __Cloud Services Providers, Outils__
** Azure : Les passerelles Azure Active Directory tournent sur .NET Core 3.1 • Délais de prise en compte sur Azure Sentinel
** OVH Cloud: Certification SecNumCloud de l'ANSSI
** Kubernetes : Niveaux de maturité • CKS Certification Study Guide (//Stackrox//)
** Outils: 'Hawk' pour la collecte d'information sur les intrusions O365 et les risques de fuites de donneés 

* __Veilles hebdomadaires 'Cloud et Sécurité'__
** TL;DR Security #66 • The Cloud Security Reading List #70

* __Marché, Acquisitions__
** Marché : Attention aux conditions générales
** Acquisitions : //MistNet// par //LogRhythm//

* __Divers__
** DNS : la NSA recommende d'utiliser des résolveurs 'DNS' sélectionnés
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L1H/|https://CloudSecurityAlliance.fr/go/L1H/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - January 11th to 17th, 2021
!!1 - CSA News and Updates - January 11th to 17th, 2021

* News[img[iCSF/flag_fr.png]]: ''[[Status of the SolarWinds/SolarStorm incident|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Training[img[iCSF/flag_fr.png]]: Online CCSK training in March+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
!!2 - Cloud and Security News Watch ([[over 100 links|2021.01.17 - Veille Hebdomadaire - 17 janvier]])

* __''Must read''__
** ''AWS Security Maturity Roadmap 2021 (Scott Piper)''
** ''HITRUST Collaborates with AWS and Microsoft Azure to Enhance the Shared Responsibility Approach''
** ''Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments (CISA)''
** ''CISA Report AR21-013A on Bypassing Multi-factor Authentication to Access Organisation's Cloud Services''
** ''Hawk - a Powershell tool to gather information related to O365 intrusions and potential Breaches (Paul Navarro)''

* __Attacks, Incidents__
** Attacks: Cloud Threat Hunting - Lateral Movement (//Checkpoint//) • Malicious Shell Script Steals AWS, Docker Credentials (//Trendmicro//) •  'Chimera' Threat Group Abusing Cloud Services (//Fox-IT// and //NCC Group//)
** Incidents: Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack

* __Threats__
** Stopping Azure Subdomain Takeovers

* __Best Practices__
** Microsoft Azure Fundamentals (//Tripwire//)

* __Reports__
** 'Cloud Security Report 2021' (//Wandera//, //Netwrix//) • '2021 Container Security and Usage Report' (//Sysdig//) • Internet Exposure of DNS-over-TLS (//Rapid7//)

* __Cloud Services Providers, Tools__
** Azure: Azure Active Directory’s gateway is on .NET Core 3.1 • Ingestion Delay in Azure Sentinel
** OVH Cloud: Certification to ANSSI's SecNumCloud Level
** Kubernetes: Maturity Levels • CKS Certification Study Guide (//Stackrox//)
** Tools: Hawk Gathers Information Related to O365 Intrusions and Potential Breaches

* __Weekly 'Cloud and Security' Watch__
** TL;DR Security #66 • The Cloud Security Reading List #70

* __Market, Acquisitions__
** Market: Beware of Terms of Service
** Acquisitions: //MistNet// by //LogRhythm//

* __Miscellaneous__
** DNS: NSA Recommendation to Use Only 'Designated' DNS Resolvers
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L1H/|https://CloudSecurityAlliance.fr/go/L1H/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 11 au 17 janvier 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|2021.01.12|Summit Route|![[AWS Security Maturity Roadmap 2021|https://summitroute.com/blog/2021/01/12/2021_aws_security_maturity_roadmap_2021/]] ([[pdf|https://summitroute.com/downloads/aws_security_maturity_roadmap-Summit_Route.pdf]])|AWS Roadmap|
|>|>|>||
|2021.01.07|HITRUST|![[The HITRUST Shared Responsibility Matrix: The Key to Secure Adoption of Cloud Technologies|https://hitrustalliance.net/hitrust-shared-responsibility-matrix-key-secure-adoption-cloud-technologies/]] |Shared_Responsibility|
|2021.01.07|HITRUST| → [[HITRUST Collaborates with AWS and Microsoft Azure to Enhance the Shared Responsibility Approach for Cloud Security|https://hitrustalliance.net/press_release/hitrust-collaborates-with-aws-and-microsoft-azure-to-enhance-the-shared-responsibility-approach-for-cloud-security/]]|Shared_Responsibility|
|2021.01.12|HITRUST| → HITRUST Shared Responsibility Matrix for [[AWS|https://go.hitrustalliance.net/SR-Custom-Matrix-AWS]] and [[Microsoft Azure|https://go.hitrustalliance.net/SR-Custom-Matrix-Microsoft-Azure]] (après inscription)|Shared_Responsibility|
|2021.01.12|Security Week| → [[New Resources Define Cloud Security and Privacy Responsibilities|https://www.securityweek.com/new-resources-define-cloud-security-and-privacy-responsibilities]]|Shared_Responsibility|
|2021.01.14|//Microsoft Azure//| → [[Azure and HITRUST publish shared responsibility matrix|https://azure.microsoft.com/en-us/blog/azure-and-hitrust-publish-shared-responsibility-matrix/]]|Shared_Responsibility|
|>|>|>||
|2021.01.13|CISA|![[Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments|https://us-cert.cisa.gov/ncas/current-activity/2021/01/13/attackers-exploit-poor-cyber-hygiene-compromise-cloud-security]]|Advisory Compromise|
|2021.01.13|CISA| → [[AR21-013A STIX IOCs|https://us-cert.cisa.gov/sites/default/files/publications/AR21-013A.stix.xml]]|!IOCs|
|2021.01.14|//Threatpost//| → [[Cloud Attacks Are Bypassing MFA, Feds Warn|https://threatpost.com/cloud-attacks-bypass-mfa-feds/163056/]]|Advisory Compromise|
|2021.01.14|//MalwareBytes Labs//| → [[Cybercriminals want your cloud services accounts, CISA warns|https://blog.malwarebytes.com/awareness/2021/01/cybercriminals-want-your-cloud-services-accounts/]]|Advisory Compromise|
|2021.01.14|//Security Week//| → [[CISA Warns Organizations About Attacks on Cloud Services|https://www.securityweek.com/cisa-warns-organizations-about-attacks-cloud-services]]|Advisory Compromise|
|>|>|>||
|2021.01.13|CISA|![[Analysis Report (AR21-013A)|https://us-cert.cisa.gov/ncas/analysis-reports/ar21-013a]]|Analysis|
|2021.01.04|Paul Navarro| → [[Hawk - a Powershell tool to gather information related to O365 intrusions and potential Breaches|https://github.com/T0pCyber/hawk]]|Tools|
|2021.01.12|Bleeping Computer| → [[CISA: Hackers bypassed MFA to access cloud service accounts|https://www.bleepingcomputer.com/news/security/cisa-hackers-bypassed-mfa-to-access-cloud-service-accounts/]]|Threats MFA|
|2021.01.14|//Tripwire//| → [[Cybercriminals are Bypassing Multi-factor Authentication to Access Organisation's Cloud Services|https://www.tripwire.com/state-of-security/featured/hackers-bypassing-mfa-to-access-organisations-cloud-services/]]|MFA|
|>|>|>||
|>|>|>|!Attaques, Incidents, Fuites de données / Attacks, Incidents, Data leaks |
|>|>|>|''Attaques / Attacks'' |
|2021.01.13|//Checkpoint Software//|![[Cloud Threat Hunting: Attack & Investigation Series - Lateral Movement – Under The Radar|https://blog.checkpoint.com/2021/01/13/cloud-threat-hunting-attack-investigation-series-lateral-movement-under-the-radar/]] |Attacks|
|2021.01.08|//Trendmicro//|![[Malicious Shell Script Steals AWS, Docker Credentials|https://www.trendmicro.com/en_us/research/21/a/malicious-shell-script-steals-aws-docker-credentials.html]] |Attacks Docker|
|2021.01.12|//Fox-IT// & //NCC Group//|!Abusing cloud services to fly under the radar: [[1|https://blog.fox-it.com/2021/01/12/abusing-cloud-services-to-fly-under-the-radar/]], [[2|https://research.nccgroup.com/2021/01/12/abusing-cloud-services-to-fly-under-the-radar/]]|Attacks Azure GCP IOCs|
|2021.01.14|Dark Reading| → [['Chimera' Threat Group Abuses Microsoft & Google Cloud Services|https://www.darkreading.com/threat-intelligence/chimera-threat-group-abuses-microsoft-and-google-cloud-services/d/d-id/1339905]]|Threats Azure GCP|
|2021.01.15|//Duo Security//| → [[Attackers Eyeing Cloud Platforms|https://duo.com/decipher/attackers-eyeing-cloud-platforms]]|Threats Azure GCP|
|>|>|>|''Incidents'' |
|2021.01.12|//Mimecast//|![[Important Update from Mimecast|https://www.mimecast.com/blog/important-update-from-mimecast/]]|Certificate Compromise|
|2021.01.12|//Mimecast//| → [[Mimecast notification to SEC|https://www.sec.gov/Archives/edgar/data/1644675/000119312521006829/d47544dex991.htm]]|Certificate Compromise|
|2021.01.12|Bleeping Computer| → [[Mimecast discloses Microsoft 365 SSL certificate compromise|https://www.bleepingcomputer.com/news/security/mimecast-discloses-microsoft-365-ssl-certificate-compromise/]]|Certificate Compromise|
|2021.01.12|//Threatpost//| → [[Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack|https://threatpost.com/mimecast-certificate-microsoft-supply-chain-attack/162965/]]|Certificate Compromise|
|2021.01.12|Silicon Angle| → //[[Hackers compromise Mimecast certificate used to connect to Microsoft 365|https://siliconangle.com/2021/01/12/hackers-compromise-mimecast-certificate-used-connect-microsoft-365/]]//|Certificate Compromise|
|2021.01.12|Reuters| → [[Email security firm Mimecast says hackers hijacked its products to spy on customers|https://www.reuters.com/article/us-global-cyber-mimecast/email-security-firm-mimecast-says-hackers-hijacked-its-products-to-spy-on-customers-idUSKBN29H22K]]|Certificate Compromise|
|>|>|>||
|>|>|>|!Fuites de données / Data Leaks |
|2021.01.11|//Safety detectives//|[[Chinese start-up leaked 400GB of scraped data exposing 200+ million Facebook, Instagram and LinkedIn users|https://www.safetydetectives.com/blog/socialarks-leak-report/]]|Data_Leak Misconfiguration|
|2021.01.11|//Threatpost//| → [[Millions of Social Profiles Leaked by Chinese Data-Scrapers|https://threatpost.com/social-profiles-leaked-chinese-data-scrapers/162936/]]|Data_Leak Misconfiguration|
|>|>|>||
|>|>|>|!Menaces / Threats |
|2021.01.13|//Checkpoint Software//|[[Cloud Threat Hunting: Attack & Investigation Series - Lateral Movement – Under the Radar|https://blog.checkpoint.com/2021/01/13/cloud-threat-hunting-attack-investigation-series-lateral-movement-under-the-radar/]]|Threats|
|2021.01.13|//Checkpoint Software//| → [[Lateral Movement Under the Radar – Attack & Investigation Series|https://www.youtube.com/watch?v=S3GiN5S1128]] (vidéo)|Threats|
|2021.01.12|//Build 5 Nines//|[[Stopping Azure subdomain takeovers|https://build5nines.com/stopping-azure-subdomain-takeovers/]]|Compromise Domain_Names|
|>|>|>||
|>|>|>|!Bonnes Pratiques / Best Practices |
|2021.01.13|//Tripwire//|[[8 Cloud Security Best Practice Fundamentals for Microsoft Azure|https://www.tripwire.com/state-of-security/security-data-protection/securing-azure-best-practice-fundamentals/]]|Best_Practices Azure|
|2021.01.12|Security and Cloud 24/7|[[The Future of Data Security Lies in the Cloud|https://security-24-7.com/the-future-of-data-security-lies-in-the-cloud/]]|Recommendations|
|2021.01.12|TechTarget|[[6 SaaS security best practices to protect applications|https://searchcloudsecurity.techtarget.com/tip/6-SaaS-security-best-practices-to-protect-applications]]|Best_Practices SaaS|
|2021.01.11|CSO Online|[[Top 7 Security Mistakes When Migrating To Cloud-Based Apps|https://www.csoonline.com/article/3602609/top-7-security-mistakes-when-migrating-to-cloud-based-apps.html]]|Bad_Practices|
|2021.01.14|Continuity Central|[[Five resilience, availability, and data protection principles for Kubernetes|https://www.continuitycentral.com/index.php/news/technology/5844-five-resilience-availability-and-data-protection-principles-for-kubernetes]]|K8s Best_Practices|
|2021.01.14|//Perimeter 81//|[[Why Cloud Configs Are IT’s Most Urgent Audit in 2021|https://www.perimeter81.com/blog/cloud/why-cloud-configs-are-its-most-urgent-audit-in-2021/]]|Audits|
|>|>|>||
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Rapports / Reports'' |
|2021.01.14|//Wandera//|![[Cloud Security Report 2021|https://www.wandera.com/cloud-security-report-2021eapvoeasdasdasdcaz/wandera-cloud-security-report-2021/]]|Report|
|2021.01.18|Dark Reading| → [[Successful Malware Incidents Rise as Attackers Shift Tactics|https://www.darkreading.com/threat-intelligence/successful-malware-incidents-rise-as-attackers-shift-tactics/d/d-id/1339912]]|Report|
|2021.01.18|Help Net Security| → [[Malware incidents on remote devices increase|https://www.helpnetsecurity.com/2021/01/18/malware-incidents-remote-devices/]]|Report|
|>|>|>||
|2021.01.13|//Sysdig//|[[Sysdig 2021 container security and usage report: Shifting left is not enough|https://sysdig.com/blog/sysdig-2021-container-security-usage-report/]]|Report|
|2021.01.13|Container Journal| → [[Sysdig Report Surfaces Shifts in Container Adoption|https://containerjournal.com/topics/container-ecosystems/sysdig-report-surfaces-shifts-in-container-adoption/]]|Report|
|2021.01.14|Help Net Security| → [[Most containers are running as root, which increases runtime security risk|https://www.helpnetsecurity.com/2021/01/14/containers-runtime-security-risk/]]|Report|
|>|>|>||
|2021.01.15|//Rapid7//|![[NICER Protocol Deep Dive: Internet Exposure of DNS-over-TLS|https://blog.rapid7.com/2021/01/15/nicer-protocol-deep-dive-internet-exposure-of-dns-over-tls/]] |!Report DNS|
|>|>|>|''Sondages / Surveys'' |
|2021.01.12|//Netwrix//|[[Survey: More than half of organizations that store customer data in the cloud had security incidents in 2020|https://www.netwrix.com/more_than_half_of_organizations_that_store_customer_data_in_the_cloud_had_security_incidents_in_2020.html]]|Report|
|2021.01.12|//Netwrix//| → [[2021 Cloud Data Security Report|https://www.netwrix.com/download/collaterals/2021%20Netwrix%20Cloud%20Data%20Security%20Report.pdf]]|Report|
|2021.01.12|Beta News| → [[Security incidents hit more than half of businesses storing data in the cloud|https://betanews.com/2021/01/12/security-incidents-hit-businesses-in-the-cloud/]]|Report|
|2021.01.15|MSSP Alert| → [[Report: Companies Removing Sensitive Data From Cloud on Security Worries|https://www.msspalert.com/cybersecurity-research/netwrix-data-security-report-2021//]]|Report|
|2021.01.14|//Wiz//|[[82% of companies unknowingly give 3rd parties access to all their cloud data|https://wiz.io/blog/82-of-companies-unknowingly-give-3rd-parties-access-to-all-their-cloud-data/]]|Study|
|>|>|>||
|2021.01.12|//Barracuda Networks//|[[New research reveals IT professionals’ growing confidence in public cloud despite security concerns|https://www.barracuda.com/news/article/816]]|Report|
|2021.01.14|Dark Reading| → [[Businesses Struggle with Cloud Availability as Attackers Take Aim|https://www.darkreading.com/cloud/businesses-struggle-with-cloud-availability-as-attackers-take-aim/d/d-id/1339904]]|Report|
|>|>|>|''Études / Studies'' |
|2021.01.15|Le MagT[img[iCSF/flag_fr.png]]|[[Cloud hybride : comparez AWS Outposts, Azure Stack et Google Anthos|https://www.lemagit.fr/conseil/Cloud-hybride-comparez-AWS-Outposts-Azure-Stack-et-Google-Anthos]]|AWS Azure GCP|
|2021.01.12|//Recorded Future//|[[Bulletproof Hosting Services Essential for Criminal Underground Security and Anonymity|https://www.recordedfuture.com/bulletproof-hosting-services/]] ([[pdf|https://go.recordedfuture.com/hubfs/reports/cta-2021-0112.pdf]])|Report Bulletproof_Hosting|
|>|>|>|''Publications'' |
|2021.01.14|//Tenable//|[[TL;DR: The Tenable Research 2020 Threat Landscape Retrospective|https://www.tenable.com/blog/tldr-the-tenable-research-2020-threat-landscape-retrospective]] ([[report|https://www.tenable.com/cyber-exposure/2020-threat-landscape-retrospective]])|Report|
|>|>|>||
|>|>|>|!Cloud Services Providers, Outils / CSPs, Tools |
|>|>|>|''AWS (Amazon)'' |
|2021.01.12|//Amazon AWS//|[[How to approach threat modeling|https://aws.amazon.com/blogs/security/how-to-approach-threat-modeling/]]|Threat_Modeling|
|2021.01.13|//Ermetic//|[[Auditing PassRole: A Problematic Privilege Escalation Permission|https://ermetic.com/whats-new/blog/auditing-passrole-a-problematic-privilege-escalation-permission/]]|AWS IAM Audit|
|>|>|>|''Azure (Microsoft)'' |
|2021.01.14|//Microsoft Azure//|![[Azure Active Directory’s gateway is on .NET Core 3.1!|https://devblogs.microsoft.com/dotnet/azure-active-directorys-gateway-service-is-on-net-core-3-1/]] |AzureAD Gateway|
|2021.01.13|//Microsoft Azure//|[[Access Reviews for guests in all Teams and Microsoft 365 Groups is now in public preview|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/access-reviews-for-guests-in-all-teams-and-microsoft-365-groups/ba-p/1994697]]|Controls M365 Teams|
|2021.01.12|//Microsoft Azure//|[[Handling ingestion delay in Azure Sentinel scheduled alert rules|https://techcommunity.microsoft.com/t5/azure-sentinel/handling-ingestion-delay-in-azure-sentinel-scheduled-alert-rules/ba-p/2052851]]|Azure_Sentinel|
|2021.01.11|Matt Soseman|[[Azure Sentinel: What is it?|https://mattsoseman.wordpress.com/2021/01/11/azure-sentinel-what-is-it/]] ([[vidéo|https://www.youtube.com/watch?v=Seax8wcSS7s]])|Azure_Sentinel|
|>|>|>|''GCP (Google)'' |
|2021.01.14|//Google Cloud//|[[4 best practices for ensuring privacy and security of your data in Cloud Storage|https://cloud.google.com/blog/products/storage-data-transfer/google-cloud-storage-best-practices-to-help-ensure-data-privacy-and-security]]|GCP Best_Practices|
|2021.01.14|//Darkbit//|[[A Deeper Look at GKE Basic Auth|https://darkbit.io/blog/gke-basic-auth]]|GCP GKE|
|2021.01.13|//Google Cloud//|[[2021 resolutions: Kick off the new year with free Google Cloud training|https://cloud.google.com/blog/topics/training-certifications/kick-off-2021-with-skill-badges-and-free-training]]|GCP Training|
|2021.01.14|//Darkbit//|[[Google Kubernetes Engine IAM Roles|https://darkbit.io/blog/kubernetes-engine-iam-roles]]|K8s GCP|
|>|>|>|''OVH Cloud'' |
|2021.01.12|//OVH Cloud//[img[iCSF/flag_fr.png]]|[[OVHcloud obtient le Visa de sécurité ANSSI pour sa qualification SecNumCloud|https://www.ovh.com/fr/news/presse/cpl1721.ovhcloud-obtient-visa-securite-anssi-sa-qualification-secnumcloud]]|OVH_Cloud Sovereignty|
|2021.01.12|Les Echos[img[iCSF/flag_fr.png]]|[[Souveraineté numérique : OVHcloud a convaincu l'Anssi pour l'une de ses offres|https://www.lesechos.fr/tech-medias/hightech/souverainete-numerique-ovhcloud-a-convaincu-lanssi-pour-lune-de-ses-offres-1280374]]|OVH_Cloud Sovereignty|
|2021.01.12|Silicon[img[iCSF/flag_fr.png]]|[[SecNumCloud : OVHcloud adoubé par l'ANSSI|https://www.silicon.fr/secnumcloud-ovhcloud-anssi-356429.html]]|OVH_Cloud Sovereignty|
|>|>|>|''Alibaba Cloud'' |
|2021.01.13|//Alibaba Cloud//|[[Redefining Security in 2021|https://www.alibabacloud.com/blog/redefining-security-in-2021_597152]]|Alibaba Protection|
|2021.01.12|//Alibaba Cloud//|[[Empower Online Businesses with Alibaba Cloud Anti-DDoS, WAF, CDN and Cloud Firewall|https://www.alibabacloud.com/blog/empower-online-businesses-with-alibaba-cloud-anti-ddos-waf-cdn-and-cloud-firewall_597138]]|Alibaba Protection|
|>|>|>|''Kubernetes'' |
|2021.01.16|Rory McCune //NCC Group//|[[Getting into a bind with Kubernetes|https://raesene.github.io/blog/2021/01/16/Getting-Into-A-Bind-with-Kubernetes/]]|K8s|
|2021.01.12|Cloud Native Computing Foundation|[[What's Your Kubernetes Maturity?|https://www.cncf.io/blog/2021/01/12/whats-your-kubernetes-maturity/]]|K8s Maturity|
|2021.01.12|DZone|[[Kubernetes Security Essentials|https://dzone.com/refcardz/kubernetes-security-1]]|Misc|
|2021.01.12|//Stackrox//|[[CKS Certification Study Guide: Supply Chain Security|https://www.stackrox.com/post/2021/01/cks-certification-study-guide-supply-chain-security/]]|Supply_Chain|
|2021.01.14|//Stackrox//|![[CKS Certification Study Guide: Monitoring, Logging, and Runtime Security|https://www.stackrox.com/post/2021/01/cks-certification-study-guide-monitoring-logging-and-runtime-security/]]|K8s|
|2021.01.14|//AT&T Security//|[[Security context: The starting point for how Kubernetes Pod security works|https://cybersecurity.att.com/blogs/security-essentials/security-context-the-starting-point-for-how-kubernetes-pod-security-works]]|K8s|
|2021.01.13|//Darkbit//|[[The Power of Kubernetes RBAC LIST|https://darkbit.io/blog/the-power-of-kubernetes-rbac-list]]|K8s RBAC|
|2021.01.12|Container Journal|[[How to Measure Your Kubernetes Maturity|https://containerjournal.com/topics/container-ecosystems/how-to-measure-your-kubernetes-maturity/]]|K8s Maturity|
|>|>|>|''Conteneurs / Containers'' |
|2021.01.13|//Aquasec//|[[Boosting Container Security with Rootless Containers|https://blog.aquasec.com/rootless-containers-boosting-container-security]]|Containers|
|>|>|>|''Outils / Tools'' |
|2021.01.12|//Palo Alto Networks//|[[Open Source Tool Release: Gaining Novel AWS Access With EBS Direct APIs|https://unit42.paloaltonetworks.com/aws-ebs-direct-apis/]]|Tools AWS|
|2021.01.12|//Palo Alto Networks//| → [[EBS Direst Sec Tools|https://github.com/crypsisgroup/ebs-direct-sec-tools]]|Tools AWS|
|>|>|>||
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts / Weekly 'Cloud and Security' Watch, Podcasts |
|>|>|>|''Veilles / Newsletters'' |
|2021.01.17|Marco Lancini|[[The Cloud Security Reading List #70|https://cloudseclist.com/issues/issue-70/]] |Weekly_Newsletter|
|2021.01.13|TL;DR Security|[[#66 - Automating Infra as Code Creation, Container Security++ with User Namespaces, #RustLyfe|https://tldrsec.com/blog/tldr-sec-066/]] |Weekly_Newsletter|
|>|>|>|''Podcasts'' |
|2021.01.17|Cloud Security Podcast|[[Infrastructure As Code Security|https://anchor.fm/cloudsecuritypodcast/episodes/INFRASTRUCTURE-AS-CODE-SECURITY-ep2skn]] ([[mp3|]])|Podcast|
|2021.01.14|//Sophos//|[[S3 Ep15: Titan keys, Mimecast certs and Solarwinds|https://nakedsecurity.sophos.com/2021/01/14/s3-ep15-titan-keys-mimecast-certs-and-solarwinds-podcast/]]|Podcast|
|2021.01.14|Screaming in the Cloud|[[Best Practices for AWS Security – Part 1 with Scott Piper|https://www.lastweekinaws.com/podcast/screaming-in-the-cloud/best-practices-for-aws-security-part-1-with-scott-piper/]] ([[mp3|https://dts.podtrac.com/redirect.mp3/media.transistor.fm/a148c694/c2dbd8b8.mp3]]) (1/2)|Podcast|
|>|>|>||
|>|>|>|!Conformité / Compliance |
|2021.01.15|ZDnet[img[iCSF/flag_fr.png]]|![[SecNumCloud : Tout comprendre en cinq points|https://www.zdnet.fr/actualites/secnumcloud-tout-comprendre-en-cinq-points-39916267.htm]] |SecNumCloud|
|>|>|>||
|>|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|>|''Marché / Market'' |
|2021.01.12|Solutions Review|[[Solutions Review Releases 2021 Vendor Map for Cloud Managed Service Providers|https://solutionsreview.com/cloud-platforms/solutions-review-releases-2021-vendor-map-for-cloud-managed-service-providers/]]|Market|
|2021.01.12|Solutions Review| → [[2021 Vendor Map for Cloud Managed Service Providers|https://solutionsreview.com/cloud-platforms/cloud-msp-vendor-map/]]|Market|
|2021.01.10|Cloud Pundit|![[Terms of Service: From anti-spam to content takedown|https://cloudpundit.com/2021/01/10/terms-of-service-from-anti-spam-to-content-takedown/]] |Contracts|
|>|>|>|''Acquisitions'' |
|2021.01.13|//LogRhythm//|[[LogRhythm Acquires Threat Detection Platform MistNet|https://www.businesswire.com/news/home/20210113005167/en/LogRhythm-Acquires-Threat-Detection-Platform-MistNet/]]|Acquisition|
|>|>|>||
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''APIs'' |
|2021.01.15|SecureCloud Blog|[[Azure API management – Enforce use of Certificate in Client Credentials Flow|https://securecloud.blog/2021/01/15/azure-api-management-enforce-use-of-certificate-in-client-credentials-flow/]]|Azure APIs|
|>|>|>|''DNS'' |
|2021.01.14|NSA|[[Obfuscated DNS Queries|https://isc.sans.edu/forums/diary/Obfuscated+DNS+Queries/26992/]]|!DNS|
|2021.01.14|NSA|![[NSA Recommends Using Only 'Designated' DNS Resolvers|https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2471956/nsa-recommends-how-enterprises-can-securely-adopt-encrypted-dns/]]|!DNS|
|2021.01.14|NSA| → [[Adopting Encrypted DNS in Enterprise Environments|https://media.defense.gov/2021/Jan/14/2002564889/-1/-1/0/CSI_ADOPTING_ENCRYPTED_DNS_U_OO_102904_21.PDF]] (pdf)|!DNS|
|2021.01.14|Dark Reading|[[NSA Recommends Using Only Designated DNS Resolvers|https://www.darkreading.com/cloud/nsa-recommends-using-only-designated-dns-resolvers/d/d-id/1339901]]|!DNS|
|2021.01.13|//Verisign//|[[Cryptographic Tools for Non-Existence in the Domain Name System: NSEC and NSEC3|https://blog.verisign.com/security/cryptographic-tools-for-non-existence-in-the-domain-name-system-nsec-and-nsec3/]] (2/6)|!DNS|
|2021.01.14|//Verisign//|[[Newer Cryptographic Advances for the Domain Name System: NSEC5 and Tokenized Queries|https://blog.verisign.com/security/newer-cryptographic-advances-for-the-domain-name-system-nsec5-and-tokenized-queries/]] (3/6)|!DNS|
|>|>|>|''CSPM'' |
|2021.01.11|//Darkbit//|[[Reimagining Cloud Security Posture Assessments|https://darkbit.io/blog/cloud-security-posture-assessments]]|CSPM|
|>|>|>|''SASE'' |
|2021.01.11|ZDnet[img[iCSF/flag_fr.png]]|[[Comment le modèle SASE améliore la sécurité du cloud et du télétravail|https://www.lemagit.fr/conseil/Comment-le-modele-SASE-ameliore-la-securite-du-Cloud-et-du-teletravail]]|SASE|
|>|>|>|''Zero Trust'' |
|2021.01.11|//Palo Alto Networks//|[[Best Practices for Cloud Infrastructure: Zero Trust Microsegmentation|https://blog.paloaltonetworks.com/2021/01/cloud-zero-trust-microsegmentation/]]|Zero_Trust|
|>|>|>|''Autres / Others'' |
|2021.01.11|CSO Online|[[Top 7 security mistakes when migrating to cloud-based apps|https://www.csoonline.com/article/3602609/top-7-security-mistakes-when-migrating-to-cloud-based-apps.html]]|Migration|
|2021.01.12|//Radware//|[[When It Comes To Cloud Security, Least Privilege Takes Precedent|https://blog.radware.com/security/cloudsecurity/2021/01/when-it-comes-to-cloud-security-least-privilege-takes-precedence/]]|Misc|
|2021.01.12|//Compare the Cloud//|[[How To Ensure Security With Cloud Hosting?|https://www.comparethecloud.net/articles/cloud/how-to-ensure-security-with-cloud-hosting/]]|Hosting|
|2021.01.13|Last Week in AWS|![[Parler's New Serverless Architecture|https://www.lastweekinaws.com/blog/parlers-new-serverless-architecture/]] |Misc|
|2021.01.13|//Uptycs//|[[Continuously monitor your cloud infrastructure to improve cloud security posture|https://www.uptycs.com/blog/continuously-monitor-your-cloud-infrastructure-to-improve-cloud-security-posture]]|CSPM|
|2021.01.13|Reseller News|[[5 challenges every multicloud strategy must address|https://www.reseller.co.nz/article/685588/5-challenges-every-multicloud-strategy-must-address/?]]|Multi_Cloud|
|2021.01.14|Help Net Security|[[43% Of Financial Services Orgs Plan To Increase Private Cloud Investments|https://www.helpnetsecurity.com/2021/01/14/financial-services-private-cloud-investments/]]|Misc|
|2021.01.15|//Security Intelligence//|[[Hybrid Cloud Adoption Brings Security on the Go|https://securityintelligence.com/articles/hybrid-cloud-adoption-brings-security-on-the-go/]]|Hybrid_Cloud|
|2021.01.15|//Security Intelligence//|[[Misconfigurations: A Hidden but Preventable Threat to Cloud Data|https://securityintelligence.com/articles/misconfigurations-hidden-threat-to-cloud-data/]]|Misconfigurations Threat|
|2021.01.12|Computer Weekly|[[Cloud DR from the Big Three: Who’s best at what?|https://www.computerweekly.com/feature/Cloud-DR-from-the-Big-3-Whos-best-at-what]]|DRP|
<<tiddler [[arOund0C]]>>
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #98|2021.01.10 - Newsletter Hebdomadaire #98]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #98|2021.01.10 - Weekly Newsletter - #98]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2021.01.10 - Newsletter Hebdomadaire #98]]>> |<<tiddler [[2021.01.10 - Weekly Newsletter - #98]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 4 au 10 janvier 2021
!!1 - Informations CSA - 4 au 10 janvier 2021

* Actu[img[iCSF/flag_fr.png]]: ''[[Point de situation sur l'incident Solarwinds/SolarStorm|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Formation: Nouvelles session sécurité après 'AWS re:Invent'+++^*[»] <<tiddler [[2021.01.07 - Formation : Nouvelles sessions sécurité 'AWS re:Invent']]>>=== 
* Formation[img[iCSF/flag_fr.png]]: prochaine session CCSK en français en mars 2021+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
* Newsletter CSA pour Janvier/Février 2021+++^*[»] <<tiddler [[2021.01.06 - Actu : Newsletter CSA pour Janvier/Février 2021]]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 70 liens|2021.01.10 - Veille Hebdomadaire - 10 janvier]])

* __''À lire''__
** ''Alerte AA21-008A sur la détection d'activité après compromission dans les environnements Cloud de Microsoft (CISA)''
** ''Techniques d'attaques contre AWS (Scott Piper)''
** ''SolarStorm: Publication de nouvelles informations et d'IOCs''

* __Attaques, Incidents, Fuites de données, Pannes__
** Pannes : Slack le 4 janvier

* __Risques, Menaces, Vulnérabilités__
** Risques : Avantages et inconvénients du stockage AWS pour réduire le risque rançongiciel
** Menaces : Cloud, surface d'attaque, et composants critiques (//Zscaler//) • TeamTNT construit son Botnet sur des serveurs Cloud chinois (//Lacework//)

* __Bonnes Pratiques, Techniques de Détection__
** Bonnes pratiques : Pour le CSPM (//XM Cyber//)
** Détection : Prise d'empreinte pour les fichiers et les documents dans Microsoft 365 et les applications Cloud (Matt Soseman)

* __Rapports, Sondages, Études, Publications__
** Rapports : Analyse NICER de l'exposition Internet du DNS (//Rapid7//) • 'Adversary Infrastructure Report 2020' (//Recorded Future//)

* __Cloud Services Providers, Outils__
** AWS : Journalisation sur tous les services AWS • Comment éviter les coûts de tranferts de données dans AWS
** Azure : Explication de la gestion des identités dans Azure (Sebastiaan van Putten) • Vision globale d'Azure Sentinel (Marteen Goet) • 
** GCP : Nouvelle fonction "tail -f" pour l'analyse des journaux
** Oracle : Nouveau document CIS "Container Engine for Kubernetes Benchmark"
** Kubernetes : Vecteurs d'attaque par découverte
** Outils : S3 Viewer pour AWS • UhOh365 pour O365

* __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences__
** Podcasts : 'Understanding Infrastructure as Code' (SilverLining) • 'Cloud Security Testing in AWS' (Cloud Security Podcast) • Panne Slack (//Thousand Eyes//)
** Veilles : TL;DR Security #65 • The Cloud Security Reading List #69 •

* __Juridique, Réglementation, Conformité__
** Juridique : Amazon perd le droit d'utliser la marue AWS en Chine

* __Marché, Acquisitions__
** Acquisitions : //StackRox// par //Red Hat / IBM// • //Secureworks// par //Atos// • //Volterra// par //F5 Networks//

* __Divers__
** Pen Tests: Why Red Team Testing Rules the Cloud (//Security Intelligence / IBM//)
** Autres : Rapide présentation de CNAPP, CIEM, CWPP, CASB et CSPM (//DivvyCloud//)
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L1A/|https://CloudSecurityAlliance.fr/go/L1A/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - January 4th to 10th, 2021
!!1 - CSA News and Updates - January 4th to 10th, 2021

* News[img[iCSF/flag_fr.png]]: ''[[Status of the SolarWinds/SolarStorm incident|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Training: New security session in the wake of 'AWS re:Invent'+++^*[»] <<tiddler [[2021.01.07 - Formation : Nouvelles sessions sécurité 'AWS re:Invent']]>>=== 
* Training[img[iCSF/flag_fr.png]]: Online CCSK training in March+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
* CSA Newsletter for January/February 2021+++^*[»] <<tiddler [[2021.01.06 - Actu : Newsletter CSA pour Janvier/Février 2021]]>>=== 
!!2 - Cloud and Security News Watch ([[over 70 links|2021.01.10 - Veille Hebdomadaire - 10 janvier]])

* __''Must read''__
** ''Alert AA21-008A on Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments (CISA)''
** ''Lesser Known Techniques for Attacking AWS Environments (Scott Piper)''
** ''SolarStorm: Many valuable information and IOCs have been published''

* __Attacks, Incidents, Data Leaks, Outages__
** Outages: Slack Outage on January 4th 

* __Risks, Threats, Vulnerabilities__
** Risks: Pros and Cons of AWS Storage as a Way to Defend Against Ransomware
** Threats: Critical Protection Points in Cloud Attack Surface (//Zscaler//) • TeamTNT Building Botnet from Chinese Cloud Servers (//Lacework//)

* __Best Practices, and Detection__
** Best Practices: Best Practices for CSPM (//XM Cyber//)
** Detection: File and Document Fingerprinting in Microsoft 365 and Cloud App Security (Matt Soseman)

* __Reports, Surveys, Studies, Publications__
** Reports: NICER Protocol Deep Dive on Internet Exposure of DNS (//Rapid7//) • 'Adversary Infrastructure Report 2020' (//Recorded Future//)

* __Cloud Services Providers, Tools__
** AWS: Enabling Logging on Every AWS Service • Avoiding AWS Data Transfer Costs
** Azure: Azure Managed Identity Explained (Sebastiaan van Putten) • Full Overview Azure Sentinel (Marteen Goet) • 
** GCP: New "tail -f" Functionality for Log Analysis
** Oracle: New Container Engine for Kubernetes Benchmark (CIS)
** Kubernetes: Discovery Threat Vectors•
** Tools: S3 Viewer for AWS • UhOh365 for O365

* __Weekly 'Cloud and Security' Watch, Podcasts, Conferences__
** Podcasts: 'Understanding Infrastructure as Code' (SilverLining) • 'Cloud Security Testing in AWS' (Cloud Security Podcast) • Slack Outage (//Thousand Eyes//)
** Newsletters: TL;DR Security #65 • The Cloud Security Reading List #69 •

* __Legal, Regulatory, Compliance__
** Legal: Amazon Banned From Using AWS Logo in China Trademark Ruling

* __Market, Acquisitions__
** Acquisitions: //StackRox// by //Red Hat / IBM// • //Secureworks// by //Atos// • //Volterra// by //F5 Networks//

* __Miscellaneous__
** Pen Tests: Why Red Team Testing Rules the Cloud (//Security Intelligence / IBM//)
** Others: A Quick Look Into CNAPP, CIEM, CWPP, CASB, CSPM (//DivvyCloud//)
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L1A/|https://CloudSecurityAlliance.fr/go/L1A/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 4 au 10 janvier 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|2021.01.04|//Summit Route//|![[Lesser Known Techniques for Attacking AWS Environments|https://tldrsec.com/blog/lesser-known-aws-attacks/]] |AWS Attacks|
|2021.01.08|CISA|[[Alert (AA21-008A) Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments |https://us-cert.cisa.gov/ncas/alerts/aa21-008a]]|Alert|
|>|>|>||
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Attaques / Attacks'' |
|2021.01.08|ZDnet|[[A crypto-mining botnet is now stealing Docker and AWS credentials|https://www.zdnet.com/article/a-crypto-mining-botnet-is-now-stealing-docker-and-aws-credentials/]]|Crypto_Mining AWS Docker|
|>|>|>|''Pannes / Outages'' |
|2021.01.04|Slack|[[Customers may have trouble connecting to or using Slack|https://status.slack.com/2021-01-04]]|Outage Slack|
|2021.01.04|Bleeping Computer|[[Slack suffers its first massive outage of 2021|https://www.bleepingcomputer.com/news/technology/slack-suffers-its-first-massive-outage-of-2021/]]|Outage Slack|
|2021.01.04|Security Week|[[Slack Outage Causing Enterprise Security Hiccups|https://www.securityweek.com/slack-outage-causing-enterprise-security-hiccups]]|Outage Slack|
|>|>|>||
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|2021.01.06|The Register|![[Storage on AWS: What's new, is it too complicated? Can it help defend against ransomware?|https://www.theregister.com/2021/01/06/storage_on_aws/]] |AWS Storage|
|>|>|>|''Menaces / Threats'' |
|2021.01.08|//Pentest Partners//|[[Azure AD. Attack of the Default Config|https://www.pentestpartners.com/security-blog/azure-ad-attack-of-the-default-config/]]|AzureAD Threat|
|2021.01.08|//Zscaler//|[[The Four Critical Protection Points in your Cloud Attack Surface|https://www.zscaler.com/blogs/product-insights/four-critical-protection-points-your-cloud-attack-surface]]|Attack_Surface|
|2021.01.06|//Imperva//|[[Software Supply Chain Attacks: From Formjacking to Third Party Code Changes|https://www.imperva.com/blog/software-supply-chain-attacks-from-formjacking-to-third-party-code-changes/]]|Supply_Chain_Attacks|
|2021.01.05|//Lacework//|[[TeamTNT Builds Botnet from Chinese Cloud Servers|https://www.lacework.com/teamtnt-builds-botnet-from-chinese-cloud-servers/]]|Threats China IOCs|
|>|>|>||
|>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection |
|>|>|>|''Bonnes pratiques / Best Practices'' |
|2021.01.10|//XM Cyber//|[[Best Practices for Cloud Security Posture Management|https://www.xmcyber.com/best-practices-for-cloud-security-posture-management/]]|CSPM|
|2021.01.06|Computer Weekly|[[Five key points about cloud vs in-house disaster recovery|https://www.computerweekly.com/feature/Five-key-points-about-cloud-vs-in-house-disaster-recovery]]|DRP|
|>|>|>|''Détection / Detection'' |
|2021.01.07|Matt Soseman|[[Using Microsoft 365 Defender to Protect Against Solorigate|https://mattsoseman.wordpress.com/2021/01/07/using-microsoft-365-defender-to-protect-against-solorigate/]] ([[vidéo|https://www.youtube.com/watch?v=E_daVfh-SaQ]])|SolarStorm|
|2021.01.06|Matt Soseman|[[File Fingerprints in Microsoft Cloud App Security|https://mattsoseman.wordpress.com/2021/01/06/file-fingerprints-in-microsoft-cloud-app-security/]] ([[vidéo|https://www.youtube.com/watch?v=t2cBac1Zd8Y]])|Fingerprinting|
|2021.01.05|Matt Soseman|[[Document Fingerprint in M365 DLP in Exchange Online|https://mattsoseman.wordpress.com/2021/01/05/document-fingerprint-in-m365-dlp-in-exchange-online/]] ([[vidéo|https://www.youtube.com/watch?v=0eCKvdWxw0k]])|Fingerprinting|
|2021.01.04|Matt Soseman|[[What is Document Fingerprinting in Microsoft 365|https://mattsoseman.wordpress.com/2021/01/04/what-is-document-fingerprinting-in-microsoft-365/]] ([[vidéo|https://www.youtube.com/watch?v=Paal4I-vdF0]])|Fingerprinting|
|2021.01.03|Matt Soseman|[[Microsoft 365 Defender Incident Email Notifications|https://mattsoseman.wordpress.com/2021/01/03/microsoft-365-defender-incident-email-notifications/]] ([[vidéo|https://www.youtube.com/watch?v=usMvIkaKclE]])|Notification|
|2021.01.08|Dark Reading|[[Top 5 'Need To Know' Coding Defects For DevSecOps|https://www.darkreading.com/malware-developers-refresh-their-attahttps://www.darkreading.com/vulnerabilities---threats/top-5-need-to-know-coding-defects-for-devsecops-/a/d-id/1339778]]|DevSecOps|
|>|>|>||
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Rapports / Reports'' |
|2021.01.07|//Recorded Future//|[[Adversary Infrastructure Report 2020: A Defender's View|https://www.recordedfuture.com/2020-adversary-infrastructure-report/]] ([[pdf|https://go.recordedfuture.com/hubfs/reports/cta-2021-0107.pdf]])|Report|
|2021.01.05|//Rapid7//|[[NICER Protocol Deep Dive: Internet Exposure of DNS|https://blog.rapid7.com/2021/01/05/nicer-protocol-deep-dive-internet-exposure-of-dns/]]|!Report DNS|
|>|>|>||
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2021.01.07|//Amazon AWS//|[[Use AWS Secrets Manager to simplify the management of private certificates|https://aws.amazon.com/blogs/security/use-aws-secrets-manager-to-simplify-the-management-of-private-certificates/]]|AWS Secrets_Management|
|2021.01.07|//Amazon AWS//|[[re:Invent – New security sessions launching soon|https://aws.amazon.com/blogs/security/reinvent-new-security-sessions-launching-soon/]]|AWS Conference|
|2021.01.06|Last Week in AWS|![[Terrible Ideas for Avoiding AWS Data Transfer Costs|https://www.lastweekinaws.com/blog/terrible-ideas-for-avoiding-aws-data-transfer-costs/]] |AWS Costs|
|2021.01.04|Matt Fuller|![[How to Enable Logging on Every AWS Service in Existence (Circa 2021)|https://matthewdf10.medium.com/how-to-enable-logging-on-every-aws-service-in-existence-circa-2021-5b9105b87c9]] |AWS Logging|
|>|>|>|''Azure (Microsoft)'' |
|2021.01.08|BetaNews|[[Businesses need to take Teams security seriously|https://betanews.com/2021/01/08/businesses-teams-security-seriously/]]|Security|
|2021.01.06|Sebastiaan van Putten|[[How Azure Managed Identity works explained. A special type of Enterprise Application|https://www.seb8iaan.com/how-azure-managed-identity-works-explained-another-enterprise-applications-chapter/]]|Azure IAM|
|2021.01.06|Redmond Channel|[[Microsoft Promises To Raise Azure AD Uptime to 99.99 Percent|https://rcpmag.com/articles/2021/01/05/azure-ad-uptime-to-four-nines.aspx]]|AzureAD|
|2021.01.05|Marteen Goet|[[Azure Sentinel.. complete overview|https://raw.githubusercontent.com/maartengoet/presentations/master/2021_01_experts_live_austria_azure_sentinel.pdf]] (pdf) |Azure_Sentinel|
|2021.01.04|Bleeping Computer|[[Microsoft Defender for Office 365 to allow testing without setup|https://www.bleepingcomputer.com/news/security/microsoft-defender-for-office-365-to-allow-testing-without-setup/]]|O365|
|>|>|>|''GCP (Google)'' |
|2021.01.06|//Google Cloud//|[[Find logs fast with new "tail -f" functionality in Cloud Logging|https://cloud.google.com/blog/products/management-tools/cloud-logging-gets-real-time-log-searching/]] ([[référence|https://cloud.google.com/sdk/gcloud/reference/alpha/logging/tail]])|Log_Analysis|
|>|>|>|''Oracle'' |
|2021.01.06|//Oracle Cloud//|[[Announcing the CIS Oracle Cloud Infrastructure Container Engine for Kubernetes Benchmark|https://blogs.oracle.com/cloud-infrastructure/announcing-the-cis-oracle-cloud-infrastructure-container-engine-for-kubernetes-benchmark]]|Oracle Kubernetes Benchmark|
|>|>|>|''Kubernetes'' |
|2021.01.06|//Alcide//|[[Kubernetes Threat Vectors - Part 7: Discovery|https://www.alcide.io/kubernetes-threat-vectors-part-7-discovery]] (7/11) |Kubernetes Threats|
|2021.01.06|//Stackrox//|[[CKS Certification Study Guide: Minimize Microservice Vulnerabilities|https://www.stackrox.com/post/2021/01/cks-certification-study-guide-minimize-microservice-vulnerabilities/]]|Microservices|
|>|>|>|''Docker'' |
|2021.01.09|Jatin Yadav|[[Harden Docker with CIS – (P6) Container Runtime Configuration – Part 1|https://blog.jtnydv.com/harden-docker-with-cis-p6-container-runtime-configuration-part-1/]]|Docker Hardening CIS|
|2021.01.16|Jatin Yadav|[[Harden Docker with CIS – (P6) Container Runtime Configuration – Part 2|https://blog.jtnydv.com/harden-docker-with-cis-p6-container-runtime-configuration-part-2/]]|Docker Hardening CIS|
|>|>|>|''Workloads'' |
|2021.01.10|//Zscaler//|[[Simplifying and Automating Cloud Workload Protection|https://www.zscaler.com/blogs/product-insights/simplifying-and-automating-cloud-workload-protection]]|Workloads|
|>|>|>|''Outils / Tools'' |
|2021.01.09|Sharon Brizinov|![[S3 Viewer|https://github.com/SharonBrizinov/s3viewer]]: Publicly Open Amazon AWS S3 Bucket Viewer |Tools AWS|
|2021.01.07|Kitploit|[[UhOh365 - A Script That Can See If An Email Address Is Valid In Office365 (User/Email Enumeration)|https://www.kitploit.com/2021/01/uhoh365-script-that-can-see-if-email.html]] ([[Github|https://github.com/Raikia/UhOh365]])|Tools O365|
|2021.01.05|//Catchpoint//|[[Instant Test Integration with Slack|https://blog.catchpoint.com/2021/01/05/instant-test-integration-with-slack/]] ([[vidéo|https://www.youtube.com/watch?v=F16U_zMMsgs]])|Slack Notification|
|>|>|>||
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Podcasts'' |
|2021.01.05|SilverLining IL|[[Episode 32: Understanding Infrastructure as Code and How to Use it Effectively|https://silverlining-il.castos.com/episodes/episode-32-understanding-infrastructure-as-code-and-how-to-use-it-effectively]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/silverlining-podcast-????-???????.mp3]])|Podcast|
|2021.01.10|Cloud Security Podcast|[[Cloud Security Testing in AWS|https://anchor.fm/cloudsecuritypodcast/episodes/Cloud-Security-Testing-in-AWS-eop3tu]]|Podcast|
|2021.01.10|//Thousand Eyes//|[[Ep. 32: What Happened with Slack's Outage; Plus, Talking Cloud Resiliency with Forrest Brazeal of A Cloud Guru|https://blog.thousandeyes.com/internet-report-episode-32/]] ([[vidéo|https://www.youtube.com/watch?v=pRv-XqO1Ego]])|Podcast|
|>|>|>|''Veilles / Newsletters'' |
|2021.01.10|Marco Lancini|[[The Cloud Security Reading List #69|https://cloudseclist.com/issues/issue-69/]] |Weekly_Newsletter|
|2021.01.06|TL;DR Security|[[#65 - Lesser Known AWS Attacks, Infra as Code Scanning, Template Injection Workshop|https://tldrsec.com/blog/tldr-sec-065/]] |Weekly_Newsletter|
|>|>|>||
|>|>|>|!Juridique, Réglementation, Conformité / Legal, Regulatory, Compliance |
|>|>|>|''Juridique / Legal'' |
|2021.01.05|Wall Street Journal|[[Amazon Banned From Using AWS Logo in China Trademark Ruling|https://www.wsj.com/articles/amazon-banned-from-using-aws-logo-in-china-trademark-ruling-11609841232]]|China Trademark AWS|
|2021.01.06|The Register| → [[Amazon Web Services launches appeal after losing $12m AWS trademark war in China to local biz Actionsoft|https://www.theregister.com/2021/01/05/aws_chinese_trademark/]]|China Trademark AWS|
|>|>|>|''Réglementation / Regulatory'' |
|2021.01.07|JDSupra|[[Up, up and away! Moving eDiscovery to the Cloud|https://www.jdsupra.com/legalnews/up-up-and-away-moving-ediscovery-to-the-4625148/]]|eDiscovery|
|>|>|>||
|>|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|>|''Marché / Market'' |
|2021.01.07|MSSP Alert|[[Telos Targets Amazon AWS Cloud Vulnerability Management|https://www.msspalert.com/cybersecurity-services-and-products/telos-xacta-aws-cloud-vulnerability-mgmt/]]|Products|
|2021.01.05|//Netskope//|[[Where CASB and SWG Are Headed|https://www.netskope.com/blog/where-casb-and-swg-are-headed]]|CASB SWG|
|>|>|>|''Acquisitions'' |
|2021.01.07|//RedHat//|[[Red Hat to Acquire Kubernetes-Native Security Leader StackRox|https://www.redhat.com/en/about/press-releases/red-hat-acquire-kubernetes-native-security-leader-stackrox]]|Acquisition|
|2021.01.07|//RedHat//| → [[FAQ: Red Hat to acquire StackRox |https://www.redhat.com/en/blog/faq-red-hat-acquire-stackrox]]|Acquisition|
|2021.01.07|//StackRox//| → [[Red Hat to Acquire StackRox to Further Expand its Security Leadership|https://www.stackrox.com/post/2021/01/red-hat-to-acquire-stackrox/]]|Acquisition|
|2021.01.07|Security Week| → [[Red Hat Buys Container Security Firm StackRox|https://www.securityweek.com/red-hat-buys-container-security-firm-stackrox]]|Acquisition|
|2021.01.07|Help Net Security| → [[Red Hat to acquire StackRox, enabling users to build, deploy and run apps across the hybrid cloud|https://www.helpnetsecurity.com/2021/01/08/red-hat-stackrox/]]|Acquisition|
|2021.01.07|MSSP Alert|[[Atos Acquiring Secureworks from Dell Technologies?|https://www.msspalert.com/investments/atos-acquiring-secureworks-from-dell-technologies/]]|Acquisition|
|2021.01.07|Silicon Angle|[[F5 Networks to acquire edge-as-a-service startup Volterra for $500M|https://siliconangle.com/2021/01/07/f5-networks-acquire-edge-service-startup-volterra-500m/]]|Acquisition|
|2021.01.07|container Journal|[[F5 Networks to Acquire Volterra to Push Apps to the Edge|https://containerjournal.com/uncategorized/f5-networks-to-acquire-volterra-to-push-apps-to-the-edge/]]|Acquisition|
|>|>|>||
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''Tests d'intrusion / Pen Tests'' |
|>|>|>|''DNS / BGP / NTP'' |
|2021.01.07|//Security Intelligence//|[[Why Red Team Testing Rules the Cloud|https://securityintelligence.com/posts/red-teaming-cybersecurity-rules-the-cloud/]]|Red_Team|
|2021.01.10|//Tripwire//|[[It's Always DNS – But Not in the Way You May Think|https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/dns-but-not-way-you-may-think/]]|!DNS|
|2021.01.08|//Verisign//|[[The Domain Name System: A Cryptographer’s Perspective|https://blog.verisign.com/the-domain-name-system-a-cryptographers-perspective/]] (1/6)|!DNS|
|>|>|>|''SASE'' |
|2021.01.04|Security Week|[[Getting SASE, Without the Hyperbole|https://www.securityweek.com/getting-sase-without-hyperbole]]|SASE|
|>|>|>|''Zero Trust'' |
|2021.01.08|//Illumio//|[[Take Me to Your Domain Controller: Protections & Mitigations Using Zero Trust Tools|https://www.illumio.com/blog/domain-controller-3]] (3/3)|Zero_Trust|
|>|>|>|''Autres / Others'' |
|2021.01.10|Gerben Wierda|[[The many lies about reducing complexity part 2: Cloud|https://ea.rna.nl/2021/01/10/the-many-lies-about-reducing-complexity-part-2-cloud/]] (2/2)|Architecture|
|2021.01.07|//Threatstack//|[[Five Cloud Security Myths|https://www.threatstack.com/blog/five-cloud-security-myths]]|Myths|
|2021.01.07|//Lifars//|[[Shadow IT: The Risks, How it Gets Exploited, Its Mitigation Steps|https://lifars.com/2021/01/shadow-it/]]|Shadow_IT|
|2021.01.06|GBHackers on Security|![[Cloud Security vs. Network Security: What's the Difference?|https://gbhackers.com/cloud-security-vs-network/]]|Misc|
|2021.01.06|//DivvyCloud//|[[A Quick Look Into Cloud Security Posture Management (CSPM)|https://divvycloud.com/blog-cspm/]]|CSPM|
|2021.01.06|//DivvyCloud//|[[A Quick Look Into Cloud Access Security Brokers (CASB)|https://divvycloud.com/blog-casb/]]|CASB|
|2021.01.06|//DivvyCloud//|[[A Quick Look Into Cloud Workload Protection Platforms (CWPP)|https://divvycloud.com/blog-cwpp/]]|CWPP Workloads|
|2021.01.06|//DivvyCloud//|[[A Quick Look Into Cloud Infrastructure Entitlement Management (CIEM)|https://divvycloud.com/blog-ciem/]]|CIEM|
|2021.01.06|//DivvyCloud//|[[A Quick Look Into Cloud-Native Application Protection Platform (CNAPP)|https://divvycloud.com/blog-cnapp/]]|CNAPP|
<<tiddler [[arOund0C]]>>
Si vous avez raté les sessions de l'événement virtuel ''+++^*[AWS re:Invent 2020] https://reinvent.awsevents.com/ ==='' traitant des problématiques de sécurité, d'identité ou de conformité, elles sont disponibles sr le site Web ''+++^*[AWS re:Invent] https://virtual.awsevents.com/agenda?trk=direct ===''.
De nouvelles sessions traitant de ces sujets sont organisées du 12 au 15 janvier 2021.
L'agenda est le suivant :
|!SEC210|>|>|!"Protecting sensitive data with Amazon Macie and Amazon GuardDuty" par Himanshu Verma, AWS|
|Créneaux|Mardi 12 janvier de 20h00 à 20h30|Mercredi 13 janvier de 4h00 à 4h30|Mercredi 13 janvier de 12h00 à 12h30|
|Détails|>|>|//As organizations manage growing volumes of data, identifying and protecting your sensitive data can become increasingly complex, expensive, and time-consuming. In this session, learn how Amazon Macie and Amazon GuardDuty together provide protection for your data stored in Amazon S3. Amazon Macie automates the discovery of sensitive data at scale and lowers the cost of protecting your data. Amazon GuardDuty continuously monitors and profiles S3 data access events and configurations to detect suspicious activities. Come learn about these security services and how to best use them for protecting data in your environment.//|
|Média|>|>|Après inscription : [[vidéo et slides|https://virtual.awsevents.com/media/0_gg7up7sv]]|
|!SEC211|>|>|!"BBC: Driving security best practices in a decentralized organization" par Apurv Awasthi, AWS et Andrew Carlson, Sr. Software Engineer, BBC|
|Créneaux|Mardi 12 janvier de 22h15 à 22h45|Mercredi 13 janvier de 6h15 à 6h45|Mercredi 13 janvier de 14h15 à 14h45|
|Détails|>|>|//In this session, Andrew Carlson, engineer at BBC, talks about BBC's journey while adopting AWS Secrets Manager for lifecycle management of its arbitrary credentials such as database passwords, API keys, and third-party keys. He provides insight on BBC's secrets management best practices and how the company drives these at enterprise scale in a decentralized environment that has a highly visible scope of impact.//|
|!SEC321|>|>|!"Get ahead of the curve with DDoS Response Team escalations" par Fola Bolodeoku, AWS|
|Créneaux|Mardi 12 janvier de 00h30 à 01h00|Mardi 12 janvier de 20h30 à 21h00|Mercredi 13 janvier de 16h30 à 17h00|
|Détails|>|>|//This session identifies tools and tricks that you can use to prepare for application security escalations, with lessons learned provided by the AWS DDoS Response Team. You learn how AWS customers have used different AWS offerings to protect their applications, including network access control lists, security groups, and AWS WAF. You also learn how to avoid common misconfigurations and mishaps observed by the DDoS Response Team, and you discover simple yet effective actions that you can take to better protect your applications' availability and security controls.//|
|Média|>|>|Après inscription : [[vidéo et slides|https://virtual.awsevents.com/media/0_ct13nqf6]]|
|!SEC322|>|>|!"Network security for serverless workloads" par Alex Tomic, AWS|
|Créneaux|Jeudi 14 janvier de 22h30 à 23h00|Vendredi 15 janvier de 6h30 à 07h00|Vendredi 15 janvier de 14h30 à 15h00|
|Détails|>|>|//Are you building a serverless application using services like Amazon API Gateway, AWS Lambda, Amazon DynamoDB, Amazon Aurora, and Amazon SQS? Would you like to apply enterprise network security to these AWS services? This session covers how network security concepts like encryption, firewalls, and traffic monitoring can be applied to a well-architected AWS serverless architecture.//|
|Média|>|>|Après inscription : [[vidéo et slides|https://virtual.awsevents.com/media/0_w1mk6qki]]|
|!SEC323|>|>|!"Building your cloud incident response program" par Freddy Kasprzykowski, AWS|
|Créneaux|Mercredi 13 janvier de 18h00 à 18h30|Jeudi 14 janvier 02h00 à 02h30|Jeudi 14 janvier de 10h00 à 10h30|
|Détails|>|>|//You've configured your detection services and now you've received your first alert. This session provides patterns that help you understand what capabilities you need to build and run an effective incident response program in the cloud. It includes a review of some logs to see what they tell you and a discussion of tools to analyze those logs. You learn how to make sure that your team has the right access, how automation can help, and which incident response frameworks can guide you.//|
|Média|>|>|Après inscription : [[vidéo et slides|https://virtual.awsevents.com/media/0_q5oea4np]]|
|!SEC324|>|>|!"Beyond authentication: Guide to secure Amazon Cognito applications" par Mahmoud Matouk, AWS|
|Créneaux|Mercredi 13 janvier de 23h15 à 23h45|Jeudi 14 janvier de 07h15 à 07h45|Jeudi 14 janvier de 15h15 à 15h45|
|Détails|>|>|//Amazon Cognito is a flexible user directory that can meet the needs of a number of customer identity management use cases. Web and mobile applications can integrate with Amazon Cognito in minutes to offer user authentication and get standard tokens to be used in token-based authorization scenarios. This session covers best practices that you can implement in your application to secure and protect tokens. You also learn about new Amazon Cognito features that give you more options to improve the security and availability of your application//|
|!SEC325|>|>|!"Event-driven data security using Amazon Macie" par Neha Joshi, AWS|
|Créneaux|Jeudi 14 janvier de 17h00 à 17h30|Vendredi 15 janvier de 01h00 à 01h30|Vendredi 15 janvier de 19h00 à 19h30|
|Détails|>|>|//Amazon Macie sensitive data discovery jobs for Amazon S3 buckets help you discover sensitive data such as personally identifiable information (PII), financial information, account credentials, and workload-specific sensitive information. In this session, you learn about an automated approach to discover sensitive information whenever changes are made to the objects in your S3 buckets//|
|!SEC327|>|>|!"Instance containment techniques for effective incident response" par Jonathon Poling, AWS|
|Créneaux|Jeudi 14 janvier de 19h15 à 19h45|Vendredi 15 janvier de 03h15 à 03h45|Vendredi 15 janvier de 11h15 à 11h45|
|Détails|>|>|//In this session, learn about several instance containment and isolation techniques, ranging from simple and effective to more complex and powerful, that leverage native AWS networking services and account configuration techniques. If an incident happens, you may have questions like “How do we isolate the system while preserving all the valuable artifacts?” and “What options do we even have?”. These are valid questions, but there are more important ones to discuss amidst a (possible) incident. Join this session to learn highly effective instance containment techniques in a crawl-walk-run approach that also facilitates preservation and collection of valuable artifacts and intelligence//|
|Média|>|>|Après inscription : [[vidéo et slides|https://virtual.awsevents.com/media/0_ma5diduk]]|
|!SEC402|>|>|!"Trusted connects for government workloads" par Brad Dispensa, AWS|
|Créneaux|Mercredi 13 janvier de 20h15 à 20h45|Jeudi 14 janvier de 04h15 à 04h45|Jeudi 14 janvier de 12h15 à 12h45|
|Détails|>|>|//Cloud adoption across the public sector is making it easier to provide government workforces with seamless access to applications and data. With this move to the cloud, we also need updated security guidance to ensure public-sector data remain secure. For example, the TIC (Trusted Internet Connections) initiative has been a requirement for US federal agencies for some time. The recent TIC-3 moves from prescriptive guidance to an outcomes-based model. This session walks you through how to leverage AWS features to better protect public-sector data using TIC-3 and the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). Also, learn how this might map into other geographies//|

Inscriptions ⇒ https://reinvent.awsevents.com/agenda/
Voici la newsletter publiée par le CSA pour les Chapitres Européens, nord et sud américains. pour les mois de Janvier et de Février 2021.
<<<
|ssTablN0|k
|>| [img(auto,125px)[iCSA/KL6N1.jpg]] |
|>|Dear Chapters, |
|>|Thank you for participating in CSA's global community. We hope you enjoy this newsletter, created exclusively for CSA Chapters. Feel free to share with your members.|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|!Chapters Volunteer Awards|
|>||
|>|We would like to recognize the following Chapter Leaders for their outstanding volunteer service during 2020. Although many Chapter Leaders are deserving of being recognized for their volunteer service, the following Leaders went above and beyond for their Chapters and their local communities.|
|[img(150px,auto)[iCSA/KL6N2.jpg]]|!Matt Nelson, West Michigan Chapter|
|~|With the help from his Chapter,Matt spearheaded an almost year-long campaign to raise money for local charities in need and COVID front-line workers, raising over $50k.|
|~|He also hosted a two-day CloudCon virtual event in August that was sold out.|
|~|Finally, Matt helped promote and drive engagement to a Women in Tech organization, Bridges in Tech, which helps to provide mentoring and promote the hiring and education of women and minorities.|
|[img(150px,auto)[iCSA/KL6N3.jpg]]|!Victor Monga, LA/SoCal Chapter|
|~|With the help of his Chapter, Victor helped createa CCSK study group, which met once a week for 6 weeks, covering the 6 domains of the CCSK online training course. There were 42 participants who registered for this weekly study group, and they made recordings and slides of each meeting available on the CSA LA/SoCalChapter YouTube channel. In addition, 30 complimentary CCSK self-paced training course licenses were provided to individuals who lost employment due to COVID-19. Earning the CCSK certificate has helped members gain a thorough understanding of cloud security best practices and given them the ability to answer specific cloud security questions during job interviews. |
|~|Also, Victor has a been a regular contributor to the Chapter Leadership Meetings, providing insight and best practices on community organization and development, offering to mentor those Chapters that are just starting out or are less mature.|
|[img(150px,auto)[iCSA/KL6N4.jpg]]|!Olivier Caleff, French Chapter|
|~|Olivier has been instrumental in engaging the entire CSA EMEA community with the CSA CIRCLE platform. He has embraced the CIRCLE platform, created a newsletter, and posts discussion topics to various communities each week.|
|~|In addition to embracing and engaging with CIRCLE, Olivier continues to be the single guiding force in promoting CSA and cloud security best practices in France and Switzerland.|
|~|Olivier has been a contributor to CSA research by actively working to translate many of the CSA whitepapers into French, helping to increase their outreach and value in French speaking countries around the globe.|
|>|''Thank you to all of the Chapter Volunteer Award recipients for 2020. Outstanding service beyond expectation. THANK YOU!!!''|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|!Engagement|
|>||
|[img(150px,auto)[iCSA/KL6N5.jpg]]|!Circle|
|~|ALL Chapters should have an active Chapter community on the CSA CIRCLE platform. |
|~|https://cloudsecurityalliance.connectedcommunity.org/home 
If you do not have a CIRCLE community for your Chapter, please reach out to [[Carolina Ozan|mailto:cozan@cloudsecurityalliance.org]] or [[Todd Edison|mailto:tedison@cloudsecurityalliance.org]] to help get that created.| |[img(150px,auto)[iCSA/KL6N6.png]]|!Certificate of Cloud Auditing Knowledge (CCAK)| |~|We announced a new partnership with ISACA to operate our previously announced Certificate of Cloud Auditing Knowledge (CCAK) as a joint venture. We expect to deliver the CCAK exam, training and body of knowledge by the end of Q1. The strategic significance is not merely the partnership between the world's IT audit and cloud security leaders. It is the shared vision we have to collaborate in order to reinvent, improve and harmonize audit assurance in the cloud. We hope to make a positive difference on the global, national and grassroots levels and truly make cloud computing as trustworthy as any part of the technology spectrum. | |~|More Information → https://cloudsecurityalliance.org/education/ccak/ | |[img(100px,auto)[iCSA/KL6N7.png]][img(100px,auto)[iCSA/KL6N8.png]][img(100px,auto)[iCSA/KL6N9.png]]|!Recently Published Research| |~|CSA released the following research documents this past month. Like all of CSA's research, they are completely vendor-neutral and freely accessible on our website | |~|• Research: '[[Cloud-Based, Intelligent Ecosystems|https://cloudsecurityalliance.org/artifacts/cloud-based-intelligent-ecosystems/]]'| |~|• Research: '[[The 2020 State of Identity Security in the Cloud|https://cloudsecurityalliance.org/artifacts/the-2020-state-of-identity-security-in-the-cloud/]]'| |~|• Research: '[[Key Management when using Cloud Services|https://cloudsecurityalliance.org/artifacts/key-management-when-using-cloud-services/]]'| |~|• Research: '[[Software-Defined Perimeter Zero Trust Charter|https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-zero-trust-charter/]]'| |~|!Other Research News| |~|• Research: '[[Enterprise Architecture to CCM Shared Responsibility Model|https://cloudsecurityalliance.org/artifacts/enterprise-architecture-ccm-shared-responsibility-model/]]'| |~|• Peer Review: '[[Critical Controls Implementation for Oracle E-Business Suite|https://cloudsecurityalliance.org/artifacts/critical-controls-implementation-for-oracle-e-business-suite/]]'| |~|• Survey: '[[Cloud Security Concerns, Challenges, and Incidents|https://www.surveymonkey.com/r/CSA2021]]'| |~|• Blog: '[[Migrating to the Cloud: Compliance Issues When Transitioning from a Traditional Data Center|https://cloudsecurityalliance.org/blog/2020/12/16/migrating-to-the-cloud-compliance-issues-when-transitioning-from-a-traditional-data-center/]]'| |~|If you have any questions around how to implement this research, you can ask our research analysts and working group members in our Circle Community [[here|https://circle.cloudsecurityalliance.org/communities/allcommunities?DisplayBy=3&OrderBy=0&CommunityTypeKey=314037a2-8690-4cd7-b3f6-596013ec15ca&FilterBy=]].| |>|[img(50%,1px)[iCSF/BluePixel.gif]]| |>|!Upcoming Events| |>|| |[img(150px,auto)[iCSA/KL6NA.jpg]]|!CloudBytes Connect| |~|February 2-4, 2021, Virtual| |~|CSA is excited to launchCloudBytes Connect, a multi-day virtual event program that brings the collaboration of research and community to the forefront. Leveraging CSA's research initiatives to educate the industry on key issues and trends faced in cloud security, CloudBytes Connect will introduce participants, free of charge, to their peers and prominent leaders in the cloud and cybersecurity industry.| |~|Over the course of three days, CSA will present a world-class program of speakers who will provide in-depth discussion and insight on specific topics each day. Keynote sessions will be presented from 9:00 am to 1:00 pm (PST) each morning.| |~|Chapters will be given an opportunity to host a booth at CloudBytes connect to share information about their Chapters with attendees. If you would like to host a boot during the CloudBytes Connect event, please contact [[Todd Edison|mailto:tedison@cloudsecurityalliance.org]] | |~|More Information → https://web.cvent.com/event/0383a9e5-ab2a-4a39-871c-5767658425a2/summary?RefId=main | |>|See our full list of events [[here|https://cloudsecurityalliance.org/events]].| |>|Let us know if you would like to post your chapter meeting, event, or webinaron the CSA Circle platform. This is an opportunity to increase your event audience, as there are currently over 4,000 Circle community users.| |>|[img(50%,1px)[iCSF/BluePixel.gif]]| |>|Until next time...| |>|Sincerely,| |>|''Todd Edison -- Chapter Relations Manager, Cloud Security Alliance''| <<<
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #97|2021.01.03 - Newsletter Hebdomadaire #97]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #97|2021.01.03 - Weekly Newsletter - #97]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2021.01.03 - Newsletter Hebdomadaire #97]]>> |<<tiddler [[2021.01.03 - Weekly Newsletter - #97]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 28 au 3 janvier 2021
!!1 - Informations CSA - 28 décembre au 3 janvier 2021

* Actu[img[iCSF/flag_fr.png]]: ''[[Point de situation sur l'incident Solarwinds/SolarStorm|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 30 liens|2021.01.03 - Veille Hebdomadaire - 03 janvier]])

* __''À lire''__
** ''Menaces Cloud-Native en 2020'' (Hackmageddon)
** ''Vulnerabilités DNS et Cloud : historique'' (//Palo Alto Networks//)
** ''Histoire de la connectivité réseau par Bob Reselman'' (fin)
** ''SolarStorm: Publication de nouvelles informations et d'IOCs''

* __Attaques, Incidents, Fuites de données, Pannes__
** Pannes : Wasabi impacté

* __Risques, Menaces, Vulnérabilités__
** Risques : sécurité du SaaS

* __Bonnes Pratiques, Techniques de Détection__
** Bonnes pratiques : Améliorer la sécurité des buckets S3 • sécurisation des images de containers

* __Cloud Services Providers, Outils__
** Kubernetes: Vecteurs d'attaque et gestion des accès (//Alcide//) 
** Outils: les différents types de shell dans le cloud • 'GKE Auditor' (Google Kubernetes Engine Misconfigurations)

* __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences__
** Podcasts: "Devenir un architecte sécurité Cloud" (Cloud Security Podcast)

* __Divers__
** Chiffrement Homomorphique : l'approche d'Intel
** Formation : 16 formations en ligne sur Udemy
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L13/|https://CloudSecurityAlliance.fr/go/L13/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - January 28th to 3rd, 2021
!!1 - CSA News - December 28th to January 3rd, 2021

* News[img[iCSF/flag_fr.png]]: ''[[Status of the SolarWinds/SolarStorm incident|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
!!2 - Cloud and Security News Watch ([[over 30 links|2021.01.03 - Veille Hebdomadaire - 03 janvier]])

* __''Must read''__
** ''Cloud-Native Threats in 2020'' (Hackmageddon)
** ''The History of DNS Vulnerabilities and the Cloud'' (//Palo Alto Networks//)
** ''Bob Reselman's final article on the history of network connectivity''
** ''SolarStorm: Many valuable information and IOCs have been published''

* __Attacks, Incidents, Data Leaks, Outages__
** Outages: Wasabi cloud storage service 

* __Risks, Threats, Vulnerabilities__
** Risks: SaaS security

* __Best Practices, and Detection__
** Best Practices: Boosting Amazon S3 Bucket Security • Securing Container Images

* __Cloud Services Providers, Tools__
** Kubernetes: Threat Vectors: Credentials Access (//Alcide//)
** Tools: Cloud Shell alternatives • 'GKE Auditor' (Google Kubernetes Engine Misconfigurations)

* __Weekly 'Cloud and Security' Watch, Podcasts, Conferences__
** Podcasts: 'Becoming a Cloud Security Architect' (Cloud Security Podcast)

* __Miscellaneous__
** Homomorphic Encryption: Intel approach
** Training: 16 Best Online Cloud Computing Courses and Training on Udemy
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L13/|https://CloudSecurityAlliance.fr/go/L13/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 28 décembre 2020 au 3 janvier 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|2020.12.30|Hackmageddon|![[Cloud-Native Threats in 2020|https://www.hackmageddon.com/2020/12/30/cloud-native-threats-in-2020/]] |Threats Cloud_Native|
|>|>|>||
|2020.12.20|//Palo Alto Networks//|![[The History of DNS Vulnerabilities and the Cloud|https://unit42.paloaltonetworks.com/dns-vulnerabilities/]]|!DNS|
|>|>|>||
|2020.12.29|Bob Reselman|![[Distributed systems and ISPs push the data center forward|https://www.redhat.com/architect/history-distributed-systems-and-isps]] (4/4)|History|
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Pannes / Outages'' |
|2020.12.29|Bleeping Computer|[[Wasabi cloud storage service knocked offline for hosting malware|https://www.bleepingcomputer.com/news/security/wasabi-cloud-storage-service-knocked-offline-for-hosting-malware/]]|Outage|
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|2020.12.29|Dark Reading|[[Reducing the Risk of Third-Party SaaS Apps to Your Organization|https://www.darkreading.com/cloud/reducing-the-risk-of-third-party-saas-apps-to-your-organization/a/d-id/1339675]]|Risks SaaS|
|2020.12.28|Help Net Security|[[SaaS security in 2021|https://www.helpnetsecurity.com/2020/12/28/2021-saas-security/]]|SaaS|
|>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection |
|>|>|>|''Bonnes pratiques / Best Practices'' |
|2020.12.29|//Sysdig//|[[5 Best practices for ensuring secure container images|https://sysdig.com/blog/5-best-practices-for-ensuring-secure-container-images/]]|Containers|
|2021.01.01|CISO Mag|[[Explainers: How to Boost Amazon S3 Bucket Security|https://cisomag.eccouncil.org/how-to-protect-s3-buckets/]]|AWS_S3|
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Études / Studies'' |
|2021.01.01|MSSP Alert|[[Zscaler Research: 63% of Orgs Forgo Cloud Multi-Factor Authentication|https://www.msspalert.com/cybersecurity-research/zscaler-research-63-of-orgs-forgo-cloud-multi-factor-authentication/]]|Research MFA|
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2021.01.02|Brice Schneier|[[Amazon Has Trucks Filled with Hard Drives and an Armed Guard|https://www.schneier.com/blog/archives/2021/01/amazon-has-trucks-filled-with-hard-drives-and-an-armed-guard.html]]|AWS|
|2020.12.31|//K9 Security//|[[Analysis for 3 more AWS services, roadmap, and HeckinIAM|https://k9security.io/posts/2020/12/analysis-for-3-more-aws-services-roadmap-and-heckin-iam/]]|AWS Products|
|2020.12.30|//Amazon AWS//|[[Dropbox Migrates 34 PB of Data to an Amazon S3 Data Lake for Analytics|https://aws.amazon.com/solutions/case-studies/dropbox-s3/]]|AWS Migration|
|2020.12.30|//Thundra//|[[AWS Aurora vs RDS|https://blog.thundra.io/aws-aurora-vs-rds]]|AWS|
|>|>|>|''Azure (Microsoft)'' |
|2021.01.03|//Microsoft//|[[Azure Defender for IoT Raw-Data and ICS MITRE ATT&CK Matrix Mapping via Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/azure-defender-for-iot-raw-data-and-ics-mitre-att-amp-ck-matrix/ba-p/1988171]]|IoT MITRE_ATT&CK Azure_Sentinel|
|>|>|>|''Kubernetes'' |
|2020.12.31|//Alcide//|![[Kubernetes Threat Vectors: Part 6 - Credentials Access|https://www.alcide.io/kubernetes-threat-vectors-part-6-credentials-access]] (6/11) |Kubernetes Threats|
|2020.12.31|//Illumio//|[[What Is Kubernetes Security?|https://www.illumio.com/cybersecurity-101/kubernetes-security]]|K8s|
|>|>|>|''Docker'' |
|2021.01.02|Jatin Yadav|[[Harden Docker with CIS – (P5) Container Images and Build File Configuration|https://blog.jtnydv.com/harden-docker-with-cis-p5-container-images-and-build-file-configuration/]]|Docker Hardening CIS|
|>|>|>|''Containers'' |
|2020.12.31|//Illumio//|[[5 Steps You Can Take Today To Enhance Your Container Security|https://www.illumio.com/cybersecurity-101/container-security]]|Containers|
|>|>|>|''Serverless'' |
|2020.12.29|//Imperva//|[[The Advantages and Risks of Serverless Computing|https://www.imperva.com/blog/the-advantages-and-risks-of-serverless-computing/]]|Serverless|
|>|>|>|''Outils / Tools'' |
|2020.12.28|Security and Cloud 24/7|[[Cloud Shell alternatives|https://security-24-7.com/cloud-shell-alternatives/]]|Cloud_Shell|
|2021.01.01|Darknet|[[GKE Auditor – Detect Google Kubernetes Engine Misconfigurations|https://www.darknet.org.uk/2021/01/gke-auditor-detect-google-kubernetes-engine-misconfigurations/]]|Tools|
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Podcasts'' |
|2021.01.03|Cloud Security Podcast|![[How To Become a Cloud Security Architect in 2021? - Sriya Potham|https://anchor.fm/cloudsecuritypodcast/episodes/HOW-TO-BECOME-A-CLOUD-SECURITY-ARCHITECT-in-2021-----Sriya-Potham-eog6ac]]|Podcast|
|>|>|>|!Juridique, Réglementation, Conformité / Legal, Regulatory, Compliance |
|>|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|>|''Marché / Market'' |
|2020.12.31|//Fairwinds//|[[Fairwinds 2021 Predictions: Kubernetes adoption, security breaches and policy enforcement|https://vmblog.com/archive/2020/12/31/fairwinds-2021-predictions-kubernetes-adoption-security-breaches-and-policy-enforcement.aspx]]|K8s Predictions|
|2020.12.31|//Centilytics//|[[Top Cloud Technologies To Watch Out For in 2021|https://blogs.centilytics.com/top-cloud-technologies-to-watch-out-for-in-2021/]]|Misc|
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''SASE''|
|2020.12.30|//Checkpoint Software//|[[Scalable remote access with VMSS enhances Azure security, while working from home|https://blog.checkpoint.com/2020/12/30/scalable-remote-access-with-vmss-enhances-azure-security-while-working-from-home/]]|Azure|
|>|>|>|''Chiffrement'' / ''Encryption''|
|2020.12.28|Dark Reading|![[Homomorphic Encryption: The 'Golden Age' of Cryptography|https://www.darkreading.com/edge/theedge/homomorphic-encryption-the-golden-age-of-cryptography/b/d-id/1339748]] |Encryption|
|2021.01.01|CISO Mag|[[Explainers: How Intel's Homomorphic Encryption Can Process Ciphertext|https://cisomag.eccouncil.org/homomorphic-encryption-standard/]]|Homomorphic_Encryption|
|>|>|>|''DNS / BGP / NTP'' |
|2020.12.28|//Akamai//|![[Smart DNS for the New Network Edge: Emerging Requirements for DNS Encryption|https://blogs.akamai.com/2020/12/smart-dns-for-the-new-network-edge-emerging-requirements-for-dns-encryption.html]] |!DNS|
|>|>|>|''Autres / Others''|
|2021.01.03|Amulya Rattan Bhatia|[[IaaS vs. CaaS vs. PaaS vs. FaaS vs. SaaS — What's the difference?|https://amulya-bhatia.medium.com/iaas-vs-caas-vs-paas-vs-faas-vs-saas-whats-the-difference-ee84ecc2d519]]|Definitions|
|2021.01.01|//CloudCheckr//|[[How to Keep Up with Cloud Vendor Updates|https://cloudcheckr.com/cloud-management/how-to-keep-up-with-cloud-vendor-updates/]]|Misc|
|2020.12.29|//Imperva//|[[The Advantages and Risks of Serverless Computing|https://www.imperva.com/blog/the-advantages-and-risks-of-serverless-computing/]]|Risks Serverless|
|2020.12.28|//Barracuda//|[[Zero Trust Security begins and ends with identity|https://blog.barracuda.com/2020/12/28/zero-trust-security-begins-and-ends-with-identity/]]|Zero_Trust|
|2020.12.28|Solutions Review|[[The 16 Best Online Cloud Computing Courses and Training on Udemy|https://solutionsreview.com/cloud-platforms/the-16-best-online-cloud-computing-courses-and-training-on-udemy/]]|Training|
|2020.12.28|Bleeping Computer|[[GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic|https://www.bleepingcomputer.com/news/security/github-hosted-malware-calculates-cobalt-strike-payload-from-imgur-pic/]]|Malware|
|2020.12.29|TechRepublic|[[How companies can use automation to secure cloud data|https://www.techrepublic.com/article/how-companies-can-use-automation-to-secure-cloud-data/]]|Automation|
<<tiddler [[arOund0C]]>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202012>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202012>>
<<tiddler fAll2Tabs10 with: VeilleM","_202012>>
|!Date|!Sources|!Titres et Liens|!Keywords|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - décembre 2020]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202012>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - décembre 2020]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - décembre 2020]]>><<tiddler fAll2LiTabs13end with: 'Actu","202012'>>
<<tiddler fAll2LiTabs13end with: 'Blog","202012'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - décembre 2020]]>>
<<tiddler fAll2LiTabs13end with: 'Publ","202012'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - décembre 2020]]>>
!//Cloud Workload Security: Part 2 - Security Features of AWS//
[>img(150px,auto)[iCSA/KCSBC.jpg]]^^Article publié le 28 décembre 2020 sur le blog de la CSA, et sur le site de Intezer le 10 octobre 2020
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/12/28/cloud-workload-security-part-2-security-features-of-aws/
* Site Intezer ⇒ https://www.intezer.com/blog/cloud-workload-security-part-2-security-features-of-aws/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Cloud Workload Security: What You Need to Know - Part 1//
[>img(150px,auto)[iCSA/KCHBH.jpg]]^^Article publié le 21 décembre 2020 sur le blog de la CSA, et sur le site de Intezer le 10 octobre 2020
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/12/21/cloud-workload-security-what-you-need-to-know-part-1/
* Site Intezer ⇒ https://www.intezer.com/blog/cloud-workload-security-what-you-need-to-know-part-1/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//How Does PCI DSS Protect Cardholder Data?//
[>img(150px,auto)[iCSA/KCHBH.jpg]]^^Article publié le 17 décembre 2020 sur le blog de la CSA, et sur le site de TokenEx le 18 septembre 2020
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/12/17/how-does-pci-dss-protect-cardholder-data/
* Site TokenEx ⇒ https://www.tokenex.com/blog/how-does-pci-dss-protect-cardholder-data
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Migrating to the Cloud: Compliance Issues When Transitioning from a Traditional Data Center//
[>img(150px,auto)[iCSA/KCGBM.jpg]]^^Article publié le 16 décembre 2020 sur le blog de la CSA, et sur le site de Intezer le 27 octobre
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/12/16/migrating-to-the-cloud-compliance-issues-when-transitioning-from-a-traditional-data-center/
* Site Intezer ⇒ https://www.intezer.com/blog/migrating-to-the-cloud-compliance-issues-when-transitioning-from-a-traditional-data-center/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Are Containers More Secure Than VMs?//
[>img(150px,auto)[iCSA/KCBBA.jpg]]^^Article publié le 11 décembre 2020 sur le blog de la CSA, et sur le site de Intezer
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/12/11/are-containers-more-secure-than-vms/
* Site Intezer ⇒ https://www.intezer.com/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Security Policies | Q&A with TokenEx Industry Experts//
[>img(150px,auto)[iCSA/KCABS.jpg]]^^Article publié le 10 décembre 2020 sur le blog de la CSA, et sur le site de TokenEx
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/12/10/security-policies-q-a-with-tokenex-industry-experts/
* Site TokenEx ⇒ https://www.tokenex.com/blog/security-policies-q-a-with-tokenex-experts
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Securely Implementing Salesforce as a IdP in a Multi-Org Architecture//
[>img(150px,auto)[iCSA/KC9BS.jpg]]^^Article publié le 9 décembre 2020 sur le blog de la CSA, et sur le site de AppOmni
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/12/09/securely-implementing-salesforce-as-a-idp-in-a-multi-org-architecture/
* Site AppOmni ⇒ https://appomni.com/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//4 Lessons For Small Ecommerce Stores Trying To Improve Security//
[>img(150px,auto)[iCSA/KC4B4.jpg]]^^Article publié le 4 décembre 2020 sur le blog de la CSA, et sur le site de Ecommerce Platforms
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/12/04/4-lessons-for-small-ecommerce-stores-trying-to-improve-security/
* Site Ecommerce Platforms ⇒ https://ecommerceplatforms.io/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Cloud Network Security 101 Part 3: Azure Service Endpoints vs. Private Endpoints//
[>img(150px,auto)[iCSA/KCABC.jpg]]^^Article publié le 1er décembre 2020 sur le blog de la CSA, et sur le site de Fugue
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/12/01/cloud-network-security-101-part-3-azure-service-endpoints-vs-private-endpoints/
* Site Fugue ⇒ https://fugue.co/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #96|2020.12.27 - Newsletter Hebdomadaire #96]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #96|2020.12.27 - Weekly Newsletter - #96]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.12.27 - Newsletter Hebdomadaire #96]]>> |<<tiddler [[2020.12.27 - Weekly Newsletter - #96]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 21 au 27 décembre 2020
!!1 - Informations CSA - 21 au 27 décembre 2020

* Actu[img[iCSF/flag_fr.png]]: ''[[Point de situation sur l'incident Solarwinds/SolarStorm|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Blog[img[iCSF/flag_fr.png]]: Appel à commentaires de l'ENISA sur un schéma européen de certification Cloud+++^*[»] <<tiddler [[2020.12.23 - Blog : Appel à commentaires de l'ENISA sur un schéma européen de certification Cloud]]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 60 liens|2020.12.27 - Veille Hebdomadaire - 27 décembre]])

* __''À lire''__
** ''Appel à commentaires de l'ENISA sur un schéma européen de certification Cloud''
** ''Articles de Bob Reselman sur l'histoire de la connectivité réseau''
** ''SolarStorm: Publication de nouvelles informations et d'IOCs''

* __Attaques, Incidents, Fuites de données, Pannes__
** Fuites de données : Fuite de données sur le réseau social '21 Buttons'
** Pannes : Google s'explique sur l'origine de la panne de 47 minutes • Panne Apple iCloud

* __Risques, Menaces, Vulnérabilités__
** Menaces : Principales menaces sur Linux dans le Cloud en 2020 (//Intezer//) • Comment éviter le vol de sous-domaine dans Azure
** Vulnérabilités : Protection contre le CVE-2020-8554, une vulnérabilté de l'homme du milieu qui affecte Kubernetes (//Palo Alto Networks//)

* __Cloud Services Providers, Outils__
** AWS : Deploiement de certificats sur plusieurs comptes et régions
** Azure : comprendre les applications Enterprise par défaut dans AzureAD • Microsoft améliore la sécurité d'Azure AD, et de la gestion des identités • Requêtes d'audit dans les journaux Azure Monitor
** GCP : Présentation de GCP avec les bases de la sécurité
** Kubernetes : Kubernetes ne reconduit pas le support Docker, et pourquoi il ne faut pas s'en inquiéter.
** Docker : Du code malveillant dans des référentiels de paquets • Bonnes pratiques pour écrire un Dockerfile • Durcissement Docker

* __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences__
** Conférences : Retour sur AWS re:Invent 2020 
** Podcasts : les bases de la sécurité Cloud Native (SilverLining IL)

* Juridique, Réglementation, Conformité
** Juridique : La propriété intellectuelle à l'heure du Cloud

* __Marché, Acquisitions__
** Marché : qui peut concurrencer AWS sur les prix?

* __Divers__
** de l'importance d'une stratégie cloud • APIs: Pertes de données en 2020 • Documentation des APIs
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/KCR/|https://CloudSecurityAlliance.fr/go/KCR/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - December 21th to 27th, 2020
!!1 - CSA News and Updates - December 21th to 27th, 2020

* News[img[iCSF/flag_fr.png]]: ''[[Status of the SolarWinds/SolarStorm incident|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Blog[img[iCSF/flag_fr.png]]: ENISA Call for comments on a Draft Certification Scheme for Cloud Services+++^*[»] <<tiddler [[2020.12.23 - Blog : Appel à commentaires de l'ENISA sur un schéma européen de certification Cloud]]>>=== 
!!2 - Cloud and Security News Watch ([[over 60 links|2020.12.27 - Veille Hebdomadaire - 27 décembre]])

* __''Must read''__
** ''ENISA Call for Comments on the Draft Certification Scheme for Cloud Services''
** ''Bob Reselman's articles on the history of network connectivity''
** ''SolarStorm: Many valuable information and IOCs have been published''

* __Attacks, Incidents, Data Leaks, Outages__
** Leaks: Fashion Social Network '21 Buttons' Exposes User Data
** Outages: Google Explains the Root Cause of the 47 Minutes Global Outage • Apple iCloud outage

* __Risks, Threats, Vulnerabilities__
** Threats: Top Linux Cloud Threats of 2020 (//Intezer//) • How to Avoid Subdomain Takeover in Azure Environments
** Vulnerabilities: Protecting Against CVE-2020-8554, an Unfixed Kubernetes Man-in-the-Middle Vulnerability (//Palo Alto Networks//)

* __Cloud Services Providers, Tools__
** AWS: Deploying public ACM certificates across multiple AWS accounts and Regions
** Azure: Default AzureAD Enterprise Applications explained • Microsoft Ups Security of Azure AD, Identity • Audit queries in Azure Monitor Logs
** GCP: Google Cloud Platform Primer with Security Fundamentals
** Kubernetes: Kubernetes Deprecating Docker Support and Why We Shouldn't Worry That Much
** Docker: Malicious Code Found in Package Repositories • Best Practices for Writing a Dockerfile • Hardening

* __Weekly 'Cloud and Security' Watch, Podcasts, Conferences__
** Conferences: Highlights from AWS re:Invent 2020
** Podcasts : Understanding Cloud Native Security Basics (SilverLining IL)

* Legal, Regulatory, Compliance
** Legal: A brief overview of intellectual property issues "in the cloud"

* __Market, Acquisitions__
** Market: Who Can compete with AWS on Price?

* __Miscellaneous__
** APIs: Importance of cloud strategy • API Data Breaches in 2020 • Documenting Your APIs 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/KCR/|https://CloudSecurityAlliance.fr/go/KCR/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 21 au 27 décembre 2020
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|2020.12.22|ENISA|![[Cloud Certification Scheme: Building Trusted Cloud Services Across Europe|https://www.enisa.europa.eu/news/enisa-news/cloud-certification-scheme]]|Certification Europe|
|2020.12.24|Lexology| → [[The European Union Agency for Cybersecurity Publishes a Draft Certification Scheme for Cloud Services|https://www.lexology.com/library/detail.aspx?g=399fda52-283b-4e0c-986c-df66e14ab901]]|Certification Europe|
|>|>|>||
|2020.12.24|Bob Reselman|![[Servers move from the server closet to everywhere|https://www.redhat.com/architect/history-server-closet]] (3/4)|History|
|2020.12.23|Bob Reselman|![[The rise of connected PCs|https://www.redhat.com/architect/history-connected-pc]] (2/4)|History|
|2020.12.22|Bob Reselman|![[A brief history of network connectivity: Connected mainframes|https://www.redhat.com/architect/history-connected-mainframes]] (1/4)|History|
|>|>|>||
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Attaques / Attacks''|
|2020.12.23|//Ermetic//|![[Cloud infrastructure is not immune from the SolarWinds Orion breach|https://ermetic.com/whats-new/blog/cloud-infrastructure-is-not-immune-from-the-solarwinds-orion-breach/]] |SolarStorm|
|>|>|>|''Fuites de données / Leaks'' |
|2020.12.23|vpnMentor|[[Report: Online Fashion App Exposes Financial Records of Top European Influencers|https://www.vpnmentor.com/blog/report-21-buttons-breach/]]|DataLeak|
|2020.12.24|Silicon Angle|[[Fashion social network 21 Buttons exposes user data via unsecured cloud storage|https://siliconangle.com/2020/12/23/fashion-social-network-21-buttons-exposes-user-data-via-unsecured-cloud-storage/]]|Data_Leak|
|>|>|>|''Pannes / Outages'' |
|2020.12.26|Bleeping Computer|[[Apple iCloud outage prevents device activations, access to data|https://www.bleepingcomputer.com/news/apple/apple-icloud-outage-prevents-device-activations-access-to-data/]]|Outage Apple|
|2020.12.23|ZDnet|[[Google: Here's how our huge Gmail and YouTube outage was due to an errant 'zero'|https://www.zdnet.com/article/google-heres-how-our-huge-gmail-and-youtube-outage-was-due-to-an-errant-zero/]]|Outage GCP|
|2020.12.24|CISO Mag.|[[Google Explains the Root Cause of the 47 Minutes Global Outage of its Services|https://cisomag.eccouncil.org/google-explains-the-root-cause-of-the-47-minutes-global-outage-of-its-services/]]|Outage GCP|
|2020.12.24|Silicon Angle|[[Google blames last week's outage on Google User ID Service error|https://siliconangle.com/2020/12/23/google-blames-last-weeks-outage-google-user-id-service-error/]]|Outage GCP|
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|2020.12.22|BetaNews|[[Tighter integration, collaboration and 'cloudjacking' -- cloud predictions for 2021|https://betanews.com/2020/12/22/cloud-predictions-2021/]]|Predictions|
|2020.12.21|The Hacker News|[[Common Security Misconfigurations and Their Consequences|https://thehackernews.com/2020/12/common-security-misconfigurations-and.html]]|Misconfigurations|
|>|>|>|''Menaces / Threats'' |
|2020.12.21|//Intezer//|[[Top Linux Cloud Threats of 2020|https://www.intezer.com/blog/cloud-security/top-linux-cloud-threats-of-2020/]]|Threats Linux|
|2020.12.21|Security Boulevard|[[6 Significant Cloud Security Threats|https://securityboulevard.com/2020/12/6-significant-cloud-security-threats/]]|Threats|
|2020.12.23|CSO Online|[[How to avoid subdomain takeover in Azure environments|https://www.csoonline.com/article/3601007/how-to-avoid-subdomain-takeover-in-azure-environments.html#tk.rss_cloudsecurity]]|Azure Domain_Names|
|>|>|>|''Vulnérabilités / Vulnerabilities'' |
|2020.12.22|//Palo Alto Networks//|[[Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554)|https://unit42.paloaltonetworks.com/cve-2020-8554/]]|CVE-2020-8554 Kubernetes|
|>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection |
|>|>|>|''Bonnes pratiques / Best Practices'' |
|2020.12.21|//Javelynn//|[[Using the NGINX Plus Key-Value Store to Secure Ephemeral SSL Keys from HashiCorp Vault|https://www.javelynn.com/cloud/using-the-nginx-plus-key-value-store-to-secure-ephemeral-ssl-keys-from-hashicorp-vault/]]|Vault|
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>||
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2020.12.23|//Amazon AWS//|[[How to visualize multi-account Amazon Inspector findings with Amazon Elasticsearch Service|https://aws.amazon.com/blogs/security/how-to-visualize-multi-account-amazon-inspector-findings-with-amazon-elasticsearch-service/]]|AWS|
|2020.12.22|Blocks & Files|[[Cloud object storage vendors that compete with Amazon S3|https://blocksandfiles.com/2020/12/22/ten-amazon-s3-challengers-gigaom/]]|Storage AWS|
|2020.12.21|//Amazon AWS//|[[How to deploy public ACM certificates across multiple AWS accounts and Regions using AWS CloudFormation StackSets|https://aws.amazon.com/blogs/security/how-to-deploy-public-acm-certificates-across-multiple-aws-accounts-and-regions-using-aws-cloudformation-stacksets/]]|AWS|
|2020.12.22|//Thundra//|[[Microservices on AWS: An In-Depth Look|https://blog.thundra.io/microservices-on-aws-an-in-depth-look]]|AWS Microservices|
|2020.12.20|//Thundra//|[[Monitoring Microservices on AWS with Thundra: Part I|https://blog.thundra.io/monitoring-microservices-on-aws-with-thundra-part-1]] (1/3)|Products AWS Microservices|
|2020.12.26|//Thundra//|[[Monitoring Microservices on AWS with Thundra: Part II|https://blog.thundra.io/monitoring-microservices-on-aws-with-thundra-part-2]] (2/3)|Products AWS Microservices|
|>|>|>|''Azure (Microsoft)'' |
|2020.12.24|Sebastiaan van Putten|[[Default AzureAD Enterprise Applications explained, where do they come from?|https://www.seb8iaan.com/default-azuread-enterprise-applications-explained-where-do-they-come-from/]]|AzureAD|
|2020.12.23|Bleeping Computer|[[Microsoft 365 admins can now get security incident email alerts|https://www.bleepingcomputer.com/news/security/microsoft-365-admins-can-now-get-security-incident-email-alerts/]]|M365|
|2020.12.22|Dark Reading|[[Microsoft Ups Security of Azure AD, Identity|https://www.darkreading.com/threat-intelligence/microsoft-ups-security-of-azure-ad-identity-/d/d-id/1339793]]|AzureAD IAM|
|2020.12.23|Sami Lamppu|[[Audit queries in Azure Monitor Logs|https://samilamppu.com/2020/12/23/audit-queries-in-azure-monitor-logs/]]|Azure Logging|
|2020.12.22|Sami Lamppu|![[Azure and M365 Defender Security Solutions Data Flows|https://samilamppu.com/2020/12/22/azure-and-m365-defender-security-solutions-data-flows/]]|Azure M365|
|2020.12.23|Daniel Neumann|[[Azure Kubernetes Service – Azure RBAC for Kubernetes authorization|https://www.danielstechblog.io/azure-kubernetes-service-azure-rbac-for-kubernetes-authorization/]]||
|2020.12.22|Thomas Maurer|[[Learn how to deploy and manage Azure resources with ARM templates|https://www.thomasmaurer.ch/2020/12/learn-how-to-deploy-and-manage-azure-resources-with-arm-templates/]]|Azure|
|2020.12.22|//Microsoft//|[[Episode 389: SolarWinds Exposes Government Office 365 Data++|https://www.microsoftcloudshow.com/podcast/Episodes/389-solarwinds-exposes-government-office-365-data/]] ([[mp3|https://media.blubrry.com/microsoftcloudshow/content.blubrry.com/microsoftcloudshow/microsoftcloudshow_e389.mp3]])|Podcast SolarStorm|
|2020.12.24|Frank Simorjay|[[Why is privileged access important?|https://cloudntech.blogspot.com/2020/12/why-is-privileged-access-important.html]]|Privileged_Access|
|2020.12.24|//Cloudcheckr//|[[Azure Expert MSP Verification Audit Checklist|https://cloudcheckr.com/managed-service-provider/azure-expert-managed-services-provider-verification-audit-checklist/]]|Azure Audit|
|>|>|>|''GCP (Google)'' |
|2020.12.22|//Google Cloud//|[[Rethinking business resilience with Google Cloud|https://cloud.google.com/blog/topics/inside-google-cloud/rethinking-business-resilience-with-google-cloud/]]|GCP Resilience|
|2020.12.21|//Google Cloud//|[[Unlocking the mystery of stronger security key management|https://cloud.google.com/blog/products/identity-security/better-encrypt-your-security-keys-in-google-cloud/]]|GCP Key_Management|
|2020.12.21|//Tripwire//|[[A Google Cloud Platform Primer with Security Fundamentals|https://www.tripwire.com/state-of-security/security-data-protection/cloud/google-cloud-platform/]]|GCP|
|>|>|>|''Oracle'' |
|2020.12.23|//Oracle Cloud//|[[The Oracle Identity Cloud Service Christmas Gift|https://blogs.oracle.com/cloudsecurity/the-oracle-identity-cloud-service-christmas-gift]]|Oracle_Cloud IAM|
|2020.12.21|//Oracle Cloud//|[[From gatekeepers to guardrails - How the security team evolves in DevSecOps organizations|https://blogs.oracle.com/cloudsecurity/from-gatekeepers-to-guardrails-security-devsecops]]|DevSecOps|
|2020.12.21|//Cybereason//|[[Cybereason and Oracle Team Up for Security at Scale from the Endpoint to the Cloud|https://www.cybereason.com/blog/cybereason-and-oracle-team-up-for-security-at-scale-from-the-endpoint-to-the-cloud]]|Products Oracle_Cloud|
|>|>|>|''Kubernetes'' |
|2020.12.23|//Sysdig//|[[Detect CVE-2020-8554 using Falco|https://sysdig.com/blog/detect-cve-2020-8554-using-falco/]]|CVE-2020-8554 Kubernetes|
|2020.12.22|BetaNews|[[All about Kubernetes and why you need more|https://betanews.com/2020/12/22/kubernetes-explained/]]|K8s|
|2020.12.22|//Javelynn//|[[Kubernetes Is Deprecating Docker Support and Why We Shouldn't Worry That Much|https://www.javelynn.com/cloud/kubernetes-is-deprecating-docker-support-and-why-we-shouldnt-worry-that-much/]]|K8s Docker|
|>|>|>|''Docker'' |
|2020.12.26|Jatin Yadav|[[Harden Docker with CIS – (P4) Docker Daemon configuration files|https://blog.jtnydv.com/harden-docker-with-cis-p4-docker-daemon-configuration-files/]]|Docker Hardening CIS|
|2020.12.21|//Duo Security//|[[Malicious Code Found in Package Repositories|https://duo.com/decipher/malicious-code-found-in-package-repositories]]|Threats|
|2020.12.24|//Javelynn//|[[Best Practices for Writing a Dockerfile|https://www.javelynn.com/devops/best-practices-for-writing-a-dockerfile/]]|Docker|
|>|>|>|''Containeurs / Containers'' |
|2020.12.23|Netflix|[[Evolving Container Security With Linux User Namespaces|https://netflixtechblog.com/evolving-container-security-with-linux-user-namespaces-afbe3308c082]]|Linux|
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Conférences / Conferences'' |
|2020.12.24|//CloudAcademy//|[[Cloud Academy's AWS re:Invent 2020 Recap & Highlights|https://cloudacademy.com/blog/cloud-academys-aws-reinvent-2020-recap-highlights/]]|Conference AWS|
|2020.12.23|VMblog|[[Takeaways from AWS re:Invent 2020|https://vmblog.com/archive/2020/12/23/takeaways-from-aws-re-invent-2020.aspx]]|Conference AWS|
|>|>|>|''Podcasts'' |
|2020.12.23|SilverLining IL|[[Episode 31: Understanding Cloud Native Security Basics|https://silverlining-il.castos.com/episodes/episode-31-understanding-cloud-native-security-basics]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/%D7%A4%D7%95%D7%93%D7%A7%D7%90%D7%A1%D7%98-%D7%91%D7%A0%D7%92-%D7%99-%D7%A4.mp3]])|Podcast|
|>|>|>|!Juridique, Réglementation, Conformité / Legal, Regulatory, Compliance |
|>|>|>|''Juridique / Legal'' |
|2020.12.24|JD Supra Law|[[Cloud computing: A brief overview of intellectual property issues "in the cloud"|https://www.jdsupra.com/legalnews/cloud-computing-a-brief-overview-of-15131/]]|Intellectual_Property|
|>|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|>|''Marché / Market'' |
|2020.12.24|Le MagIT[>img[iCSF/flag_fr.png]]|[[2020 restera-t-il comme l'an 1 du cloud souverain pour l'Europe ?|https://www.lemagit.fr/actualites/252494106/2020-restera-t-il-comme-lan-1-du-cloud-souverain-pour-lEurope]]|Sovereignty|
|2020.12.22|Techcrunch|[[With a $50B run rate in reach, can anyone stop AWS?|https://techcrunch.com/2020/12/22/with-a-50b-run-rate-in-reach-can-anyone-stop-aws/]]|AWS |
|2020.12.21|Solutions Review|[[Solutions Review: 5 Cloud Managed Services Vendors to Watch in 2021|https://solutionsreview.com/cloud-platforms/solutions-review-5-cloud-managed-services-vendors-to-watch-in-2021/]]|Market|
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''APIs'' |
|2020.12.23|//Cloud Vector//|[[API Data Breaches in 2020|https://www.cloudvector.com/api-data-breaches-in-2020/]]|APIs Data_Breaches|
|2020.12.22||[[7 Important Elements to Include When Documenting Your APIs|https://rickscloud.com/7-important-elements-to-include-when-documenting-your-apis/]]|APIs|
|>|>|>|''Autres / Others'' |
|2020.12.24|MSSP Alert|[[IBM Security Launches Next Generation Encryption Technology Services Package|https://www.msspalert.com/cybersecurity-services-and-products/encryption/ibm-security-homomorphic-launch/]]|Encryption Homomorphic|
|2020.12.22|Security & Cloud 24|![[Importance of cloud strategy|https://security-24-7.com/importance-of-cloud-strategy/]] |Strategy|
|2020.12.21|//Illumio//|[[How Federal Agencies Can Create a Zero Trust Pilot Project|https://www.illumio.com/blog/federal-zero-trust]]|Zero_Trust|
|2020.12.27|Bleeping Computer|[[Windows 10 Cloud PC: What is known about Microsoft's new service|https://www.bleepingcomputer.com/news/microsoft/windows-10-cloud-pc-what-is-known-about-microsofts-new-service/]]|CloudPC|
|2020.12.21|//Cloudflare//|[[Configure identity-based policies in Cloudflare Gateway|https://blog.cloudflare.com/configure-identity-based-policies-in-cloudflare-gateway/]]|IAM Filtering|
<<tiddler [[arOund0C]]>>
!Appel à commentaires sur le 'European Cybersecurity Certification Scheme for Cloud Services'"
[<img(150px,auto)[iCSF/EUsurvey.jpg]][>img(300px,auto)[iCSF/KCMAE.png]]L'ENISA a publié le 22 décembre un appel à commentaires.
Il est ouvert jusqu'au 7 février 2021 à 12h (CET).
Il donnera lieu à un webinaire le 11 janvier 2021 de 14h à 16h30.
Il est soutenu par un document de 245 pages dont la table des matière est ci-dessous
<<<
//Cette publication est une version préliminaire du programme candidat EUCS (European Cybersecurity Certification Scheme for Cloud Services), qui porte sur la certification de la cybersécurité des services en nuage.
Conformément à l'article 48.2 de la loi sur la cybersécurité1 (EUCSA), l'ENISA a mis en place un groupe de travail ad hoc (AHWG) pour travailler à la préparation du schéma candidat sur les services en nuage, dans le cadre de la certification européenne en matière de cybersécurité.
Il s'agit d'une version préliminaire qui servira de base à un examen externe. L'objectif de cet examen est de valider les principes et l'organisation générale du système proposé, et de recueillir des commentaires sur la formulation proposée des sections et des annexes.//
<<<
__Communiqué de presse__
<<<
//The scheme aims to further improve the Union's internal market conditions for cloud services by enhancing and streamlining the services' cybersecurity guarantees. The draft EUCS candidate scheme intends to harmonise the security of cloud services with EU regulations, international standards, industry best practices, as well as with existing certifications in EU Member States.
//[...]//
There are challenges to the certification of cloud services, such as a diverse set of market players, complex systems and a constantly evolving landscape of cloud services, as well as the existence of different schemes in Member States. The draft EUCS candidate scheme tackles these challenges by calling for cybersecurity best practices across three levels of assurance and by allowing for a transition from current national schemes in the EU. The draft EUCS candidate scheme is a horizontal and technological scheme that intends to provide cybersecurity assurance throughout the cloud supply chain, and form a sound basis for sectoral schemes.
More specifically, the draft EUCS candidate scheme:
* Is a voluntary scheme;
* The scheme's certificates will be applicable across the EU Member States;
* Is applicable for all kinds of cloud services - from infrastructure to applications;
* Boosts trust in cloud services by defining a reference set of security requirements;
* Covers three assurance levels: 'Basic', 'Substantial' and 'High';
* Proposes a new approach inspired by existing national schemes and international standards;
* Defines a transition path from national schemes in the EU;
* Grants a three-year certification that can be renewed;
* Includes transparency requirements such as the location of data processing and storage.
//[...]//
During the period of the public consultation, a review by the +++^*[European Cybersecurity Certification Group] https://ec.europa.eu/digital-single-market/en/european-cybersecurity-certification-group === (ECCG) and the +++^*[Stakeholder Cybersecurity Certification Group] https://ec.europa.eu/digital-single-market/en/stakeholder-cybersecurity-certification-group === (SCCG) will also be undertaken. Following the consultation, the EUCS candidate scheme will be updated and submitted to the ECCG for its opinion.
//
<<<
__Table des matières__[>img(150px,auto)[iCSF/KCMPE.png]]
{{ss2col{
<<<
//1. A Scheme for Cloud Services
2. Subject Matter and Scope
3. Purpose of The Scheme
4. Use of Standards
5. Assurance Levels
6. Self-Assessment
7. Specific Requirements Applicable To A Cab
8. Evaluation Methods and Criteria
9. Necessary Information for Certification
10. Marks and Labels
11. Compliance Monitoring
12. Certificate Management
13. Non-Compliance
14. New Vulnerabilities
15. Record Retention
16. Related Schemes
17. Certificate Format
18. Availability of Information
19. Certificate Validity
20. Disclosure Policy
21. Mutual Recognition
22. Peer Assessment
23. Supplementary Information
24. Additional Topics
25. Further Recommendations
26. References
Annex A: Security Objectives and Requirements for Cloud Services
Annex B: Meta-Approach for The Assessment of Cloud Services
Annex C: Assessment for Levels Substantial and High
Annex D: Assessment for Level Basic
Annex E: Competence Requirements for Cabs
Annex F: Scheme Document Content Requirements
Annex G: Certification Lifecycle and Continued Assurance
Annex H: Peer Assessment
Annex I: Terminology//
<<<
}}}
__Webinaire__
[>img(300px,auto)[iCSF/L1BWE.png]]Le 11 janvier 2021, l'Agence européenne pour la cybersécurité organisera un webinaire de présentation du projet de système candidat de l'EUCS. Eric Vétillard, expert principal en certification de l'ENISA, présentera le projet actuel et animera une session de questions-réponses avec les participants.
L'ordre du jour sera le suivant :
* 14h00 à 15h15 : Présentation du document de travail par Eric Vétillard, //Lead Certification Expert// à l'ENISA
* 15h15 à 15h30 : Pause
* 15h30 à 16h30 : Session de questions / Réponses

__Liens sur le site de l'ENISA :__
* Le [[communiqué de presse|https://www.enisa.europa.eu/news/enisa-news/cloud-certification-scheme]] ENISA
* L'[[annonce|https://www.enisa.europa.eu/publications/eucs-cloud-service-scheme/]] de la consultation ENISA
* Le document '[[EUCS - Cloud Sevices Scheme|https://www.enisa.europa.eu/publications/eucs-cloud-service-scheme/at_download/fullReport]]' de l'ENISA au format 'PDF'
* L'[[appel à commentaires|https://ec.europa.eu/eusurvey/runner/Public_Consultation_EUCS]] de l'ENISA en ligne
* Inscription au [[webinaire|https://www.enisa.europa.eu/events/webinar-certification-of-cloud-services-in-europe]] de l'ENISA du 11 janvier 2021
* Liste des participants au groupe de travail [[ad-hoc Working Group 02 - Cloud Services|https://www.enisa.europa.eu/topics/standards/adhoc_wg_calls/ahWG02/ahwg02_members]] de l'ENISA
En complément
* L'annonce ENISA '[[Cybersecurity Certification: EUCC Candidate Scheme|https://www.enisa.europa.eu/publications/cybersecurity-certification-eucc-candidate-scheme]]' du 2 juillet 2020
* Le document ENISA '[[Cybersecurity Certification: EUCC Candidate Scheme|https://www.enisa.europa.eu/publications/cybersecurity-certification-eucc-candidate-scheme/at_download/fullReport]]' au format 'pdf' du 2 juillet 2020
<<tiddler [[arOund0C]]>>
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #95|2020.12.20 - Newsletter Hebdomadaire #95]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #95|2020.12.20 - Weekly Newsletter - #95]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.12.20 - Newsletter Hebdomadaire #95]]>> |<<tiddler [[2020.12.20 - Weekly Newsletter - #95]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 14 au 20 décembre 2020
!!1 - Informations CSA - 14 au 20 décembre 2020

* Actu[img[iCSF/flag_fr.png]]: ''[[Point de situation sur l'incident Solarwinds/SolarStorm|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Blog : 'Using CSA STAR to Improve Cloud Governance and Compliance'
* Publications 'Enterprise Architecture' : 'Shared Responsibility Model' et 'CCM v3.0.1 Mapping'
* Blog : 'SolarWinds - How Cybersecurity Teams Should Respond'
* Blog : 'CCSK Success Stories: From the Managing Director of a Consulting Firm'
!!2 - Veille Web Cloud et Sécurité ([[plus de 80 liens|2020.12.20 - Veille Hebdomadaire - 20 décembre]])

* __''À lire''__
** Avis de la NSA "Malicious Actors Abuse Authentication Mechanisms to Access Cloud Resources" • Avis et blogs sur l'incident SolarWinds/SolarStorm • 'Risk Analysis of Kubernetes Clusters'
** ''SolarStorm: Publication de nouvelles informations et d'IOCs''

* __Attaques, Incidents, Fuites de données, Pannes__
** Attaques : Comptes Office 365 visés par de nouvelles attaques
** Pannes : Google Cloud doublement affecté le 15 décembre 

* __Risques, Menaces, Vulnérabilités__
** Risques : Fournisseurs SaaS • Fausses idées sur le Cloud Native Computing
** Menaces : Détournement de sous-domaines
** Vulnérabilités : //Man-in-the-middle// CVE-2020-8554 pour Kubernetes • ContainerDrip

* __Bonnes Pratiques, Techniques de Détection__
** Bonnes pratiques : Images durcies CIS pour éviter les erreurs de configuration • Journaux DNS dans le Cloud public • Gestion des secrets Kubernetes

* __Rapports, Sondages, Études, Publications__
** Publications : Commentaires NCSC-NL sur GAIA-X

* __Cloud Services Providers, Outils__
** AWS : CloudShell AWS  • Certification CSA STAR Level 2 pour de nombreux services AWS • Nouveautés AWS CloudTrail
** Azure : Annonces AzureAD lors d'Ignite 2020 • Protection de Microsoft 365 contre des attaques internes • Supervision des habilitations dans les services Cloud Microsoft
** GCP : Exemples d'authentication
** Oracle : Protection des données et sécurité en environnement SaaS
** Kubernetes : Guide de préparation à la certification CKS • Vecteurs de menaces : techniques d'évasion
** Docker : Durcissement avec les outils du CIS
** Outils : Go365, un outil d'attaque des utilisateurs Office365

* __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences__
** Veilles : TL;DR Security #64 • The Cloud Security Reading List #68

* __Divers__
** Chiffrement homomorphique • Résilience du Cloud • Sondage IaC pour identifier des problèmes de sécurité
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/KCK/|https://CloudSecurityAlliance.fr/go/KCK/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - December 14th to 20th, 2020
!!1 - CSA News and Updates - December 14th to 20th, 2020

* News[img[iCSF/flag_fr.png]]: ''[[Status of the SolarWinds/SolarStorm incident|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Blog: 'Using CSA STAR to Improve Cloud Governance and Compliance'
* Publications 'Enterprise Architecture': 'Shared Responsibility Model' and 'CCM v3.0.1 Mapping'
* Blog: 'SolarWinds - How Cybersecurity Teams Should Respond'
* Blog: 'CCSK Success Stories: From the Managing Director of a Consulting Firm'
!!2 - Cloud and Security News Watch ([[over 80 links|2020.12.20 - Veille Hebdomadaire - 20 décembre]])

* __''Must read''__
** NSA Advisory on "Malicious Actors Abuse Authentication Mechanisms to Access Cloud Resources" • Advisories and Blog Posts on the SolarWinds/SolarStorm incident • 'Risk Analysis of Kubernetes Clusters'
** ''SolarStorm: Many valuable information and IOCs have been published''

* __Attacks, Incidents, Data Leaks, Outages__
** Attacks: Office 365 Credentials Under Attack By Fax 'Alert' Emails
** Outages: Google Cloud affected by 2 outages on December 15th

* __Risks, Threats, Vulnerabilities__
** Risks: SaaS Providers • Misconceptions of Cloud Native Computing
** Threats: Subdomain Takeovers
** Vulnerabilities: CVE-2020-8554 Kubernetes MiTM Vulnerability • ContainerDrip

* __Best Practices, and Detection__
** Best Practices: Avoiding Cloud Misconfigurations with CIS Hardened Images • DNS Logs in Public Clouds • Kubernetes Secrets Management

* __Reports, Surveys, Studies, Publications__
** Publications: NCSC-NL Comments on GAIA-X

* __Cloud Services Providers, Tools__
** AWS: AWS CloudShell • Many AWS services achieve CSA STAR Level 2 certification • AWS CloudTrail Update
** Azure: Updates on AzureAD at Ignite 2020 • Protecting Microsoft 365 from on-premises attacks • Identity Security Monitoring in Microsoft Cloud Services
** GCP: Authentication by Example
** Oracle: Data Privacy and Security for SaaS Environments
** Kubernetes: CKS Certification Study Guides • Threat Vectors: Defense Evasion
** Docker: Hardening Docker with CIS
** Tools: Go365, an Office365 User Attack Tool

* __Weekly 'Cloud and Security' Watch, Podcasts, Conferences__
** Newsletters: TL;DR Security #64 • The Cloud Security Reading List #68

* __Miscellaneous__
** Homomorphic Encryption • Cloud Resilience • Scanning IaC for Security Issues
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/KCK/|https://CloudSecurityAlliance.fr/go/KCK/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 14 au 20 décembre 2020
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|2020.12.17|NSA|![[NSA Cybersecurity Advisory: Malicious Actors Abuse Authentication Mechanisms to Access Cloud Resources|https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2451159/nsa-cybersecurity-advisory-malicious-actors-abuse-authentication-mechanisms-to/About-Us/EEO-Diversity/Employee-Resource-Groups/]] ([[infographie|https://media.defense.gov/2020/Dec/18/2002554364/-1/-1/0/201218-D-IM742-1001.JPG]]) |Advisory NSA|
|2020.12.17|NSA| → [[Detecting Abuse of Authentication Mechanisms|https://media.defense.gov/2020/Dec/17/2002554125/-1/-1/0/AUTHENTICATION_MECHANISMS_CSA_U_OO_198854_20.PDF]]|Advisory NSA|
|2020.12.18|Bleeping Computer| → [[NSA warns of hackers forging cloud authentication information|https://www.bleepingcomputer.com/news/security/nsa-warns-of-hackers-forging-cloud-authentication-information/]] ([[infographie|https://www.bleepstatic.com/images/news/u/1100723/2020%20Misc/NSA-auth_TTP.jpg]])|Advisory NSA|
|2020.12.18|Silicon Angle| → [[National Security Agency warns hackers are forging cloud authentication information|https://siliconangle.com/2020/12/21/national-security-agency-warns-hackers-forging-cloud-authentication-information/]]|Advisory NSA|
|>|>|>|!|
|2020.12.16|//Microsoft//|![[SolarWinds Post-Compromise Hunting with Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/solarwinds-post-compromise-hunting-with-azure-sentinel/ba-p/1995095]] |Solorigate Sunburst|
|>|>|>|!|
|2020.12.16|Clint Gibler & Mark Manning|![[Risk8s Business: Risk Analysis of Kubernetes Clusters|https://tldrsec.com/guides/kubernetes/]] |K8s Risk_Analysis|
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Attaques / Attacks'' |
|2020.12.17|//Mirosoft//|[[A moment of reckoning: the need for a strong and global cybersecurity response|https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/]]|CyberAttacks|
|2020.12.15|Security Week|[[SolarWinds Removes Customer List From Site as It Releases Second Hotfix|https://www.securityweek.com/solarwinds-removes-customer-list-site-it-releases-second-hotfix]]|Attack Sunburst|
|2020.12.14|//Threatpost//|[[Microsoft Office 365 Credentials Under Attack By Fax 'Alert' Emails|https://threatpost.com/microsoft-office-365-credentials-attack-fax/162232/]]|Attack O365|
|>|>|>|''Incidents'' |
|>|>|>|''Fuites de données / Leaks'' |
|2020.12.15|The Register|[[Unsecured Azure blob exposed 500,000+ highly confidential docs from UK firm's CRM customers|https://www.theregister.com/2020/12/18/probase_unsecured_azure_blob/]]|Data_Leak|
|>|>|>|''Pannes / Outages'' |
|2020.12.19|Bleeping Computer|![[Google explains the cause of the recent YouTube, Gmail outage|https://www.bleepingcomputer.com/news/google/google-explains-the-cause-of-the-recent-youtube-gmail-outage/]] |Outage GCP|
|2020.12.15|Bleeping Computer|[[Gmail hit by a second outage within a single day|https://www.bleepingcomputer.com/news/google/gmail-hit-by-a-second-outage-within-a-single-day/]]|Outage GCP|
|2020.12.14|Bleeping Computer|[[Google outage affecting YouTube, Gmail and more|https://www.bleepingcomputer.com/news/google/google-outage-affecting-youtube-gmail-and-more/]]|Outage GCP|
|2020.12.14|HuffPost[>img[iCSF/flag_fr.png]]| → [[Panne générale chez Google: voici les inconvénients d'une maison connectée|https://www.huffingtonpost.fr/entry/panne-generale-chez-google-voici-les-inconvenients-dune-maison-connectee_fr_5fd7744dc5b62f31c1fefe40]]|Outage GCP|
|2020.12.14|CRN| → [[Google Outage Shows Public Cloud Computing Is 'Not Invincible'|https://www.crn.com/news/cloud/google-outage-shows-public-cloud-computing-is-not-invincible-]]|Outage GCP|
|2020.12.14|The Register|[[Google Mail outage: Did you see that error message last night? Why the 'account does not exist' response is a worry|https://www.theregister.com/2020/12/16/google_mail_outage_responds_with/]]|Outage GCP|
|2020.12.15|ZDnet| → [[Google: Here's what caused our big global outage|https://www.zdnet.com/article/google-heres-what-caused-our-big-global-outage/]]|Outage GCP|
|2020.12.16|The Register|[[Google told BGP to forget its Euro-cloud – after first writing bad access control lists|https://go.theregister.com/feed/www.theregister.com/2020/12/16/google_europe_outage/]]|Outage GCP|
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|2020.12.15|//UpGuard//|[[What is Ransomware as a Service (RaaS)? The dangerous threat to world security|https://www.upguard.com/blog/what-is-ransomware-as-a-service]]|Ransomware|
|2020.12.15|//PivotPoint Security//|[[Security "Gotchas" in SaaS Production Applications|https://www.pivotpointsecurity.com/blog/security-gotchas-in-saas-production-applications/]]|SaaS|
|2020.12.14|Security Boulevard|[[Risks You Need to Consider When Using SaaS Providers|https://securityboulevard.com/2020/12/risks-you-need-to-consider-when-using-saas-providers/]]|SaaS|
|2020.12.14|Forbes|[[The Top Six Misconceptions of Cloud Native Computing|https://www.forbes.com/sites/forbestechcouncil/2020/12/14/the-top-six-misconceptions-of-cloud-native-computing/]]|Cloud_Native|
|>|>|>|''Menaces / Threats'' |
|2020.12.15|Patrik Hudak|[[Subdomain Takeover: Going for High Impact|https://0xpatrik.com/subdomain-takeover-impact/]]|!DNS Compromise|
|2020.12.14|Help Net security|[[Remote and cloud-based systems to be ruthlessly targeted next year|https://www.helpnetsecurity.com/2020/12/14/cloud-based-systems-targeted/]]|Report|
|>|>|>|''Vulnérabilités / Vulnerabilities'' |
|2020.12.18|Container Journal|[[Kubernetes MiTM Vulnerability Underscores Need for Virtual Patching|https://containerjournal.com/topics/container-security/kubernetes-mitm-vulnerability-underscores-need-for-virtual-patching/]]|CVE-2020-8554 Kubernetes|
|2020.12.15|//Praetorian//|[[Google Cloud Platform (GCP) Service Account-based Privilege Escalation paths|https://www.praetorian.com/blog/google-cloud-platform-gcp-service-account-based-privilege-escalation-paths]]|GCP|
|2020.12.15|DZone|[[ContainerDrip, Another Example of Why HTTP Basic Authentication Is Flawed|https://dzone.com/articles/containerdrip-another-example-of-why-http-basic-au]]|Vulnerability CVE-2020-15157|
|>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection |
|>|>|>|''Bonnes pratiques / Best Practices'' |
|2020.12.18|Center for Internet Security|[[Avoid Cloud Misconfigurations with CIS Hardened Images|https://www.cisecurity.org/blog/avoid-cloud-misconfigurations-with-cis-hardened-images/]]|Misconfigurations|
|2020.12.16|SANS|[[DNS Logs in Public Clouds|https://isc.sans.edu/forums/diary/DNS+Logs+in+Public+Clouds/26892/]]|!DNS Logging|
|2020.12.15|GitHub|[[Keeping your GitHub Actions and workflows secure: Preventing pwn requests|https://securitylab.github.com/research/github-actions-preventing-pwn-requests]]|GitHub|
|2020.12.17|//Conjur//|[[Kubernetes Security: Best Practices for Kubernetes Secrets Management|https://www.conjur.org/blog/kubernetes-security-best-practices-for-kubernetes-secrets-management/]]|Kubenetes Secrets_Management|
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Publications'' |
|2020.12.18|NCSC-NL|[[6 questions et réponses sur le rôle et l'importance de GAIA-X dans la fourniture de services en nuage|https://www.ncsc.nl/actueel/weblog/weblog/2020/gaia-x]] (en néerlandais)|GAIA-X|
|2020.12.15|NIST|![[NIST Releases Draft Guidance on Internet of Things Device Cybersecurity|https://www.nist.gov/news-events/news/2020/12/nist-releases-draft-guidance-internet-things-device-cybersecurity]] (drafts : [[SP 800-213|https://csrc.nist.gov/publications/detail/sp/800-213/draft]], [[IR 8259b|https://csrc.nist.gov/publications/detail/nistir/8259b/draft]], [[IR 8259c|https://csrc.nist.gov/publications/detail/nistir/8259c/draft]], [[IR 8259d|https://csrc.nist.gov/publications/detail/nistir/8259d/draft]]) |NIST IoT|
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2020.12.15|//Amazon AWS//|[[AWS CloudShell - Command-Line Access to AWS Resources|https://aws.amazon.com/blogs/aws/aws-cloudshell-command-line-access-to-aws-resources/]]|AWS_Cloud_Shell|
|2020.12.17|The Register| → [[AWS catches up to Azure and GCP with CloudShell, adds deliberate injection of chaos|https://go.theregister.com/feed/www.theregister.com/2020/12/16/aws_gets_a_cloudshell_and/]]|AWS CloudShell|
|2020.12.15|//Amazon AWS//|![[138 AWS services achieve CSA STAR Level 2 certification|https://aws.amazon.com/blogs/security/138-aws-services-achieve-csa-star-level-2-certification/]] |AWS STAR|
|2020.12.15|//Amazon AWS//|[[Introducing AWS Systems Manager Change Manager|https://aws.amazon.com/blogs/aws/introducing-systems-manager-change-manager/]]|AWS|
|2020.12.17|//Amazon AWS//|[[AWS CloudTrail Update – Turn on in All Regions & Use Multiple Trails|https://aws.amazon.com/blogs/aws/aws-cloudtrail-update-turn-on-in-all-regions-use-multiple-trails/]]|AWS_CloudTrail|
|2020.12.17|//Cloud Academy//|![[Where Should You Be Focusing Your AWS Security Efforts?|https://cloudacademy.com/blog/where-should-you-be-focusing-your-aws-security-efforts/]] |AWS|
|2020.12.14|AJ Yawn|[[Initial Reaction to AWS Audit Manager|https://www.linkedin.com/pulse/initial-reaction-aws-audit-manager-aj-yawn/]]|AWS Audit_Manager|
|>|>|>|''Azure (Microsoft)'' |
|2020.12.20|Sebastiaan van Putten|[[The difference between AzureAD App Registrations and Enterprise Applications explained|https://www.seb8iaan.com/the-difference-between-azuread-app-registrations-and-enterprise-applications-explained/]]|AzureAD|
|2020.12.19|//Microsoft Azure//|[[What's new in Azure Active Directory at Microsoft Ignite 2020|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/what-s-new-in-azure-active-directory-at-microsoft-ignite-2020/ba-p/1257373]]|AzureAD|
|2020.12.19|//Microsoft Azure//|[[Protecting Microsoft 365 from on-premises attacks|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/protecting-microsoft-365-from-on-premises-attacks/ba-p/1751754]]|M365 Protection|
|2020.12.18|//Microsoft Azure//|[[99.99% uptime for Azure Active Directory|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/99-99-uptime-for-azure-active-directory/ba-p/1999628]]|AzureAD Reliability|
|2020.12.18|//Microsoft Azure//|![[Protecting Microsoft 365 from on-premises attacks|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/protecting-microsoft-365-from-on-premises-attacks/ba-p/1751754]] |M365 Protection|
|2020.12.16|//Microsoft Azure//|[[Microsoft Cloud App Security (MCAS) Activity Log in Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/microsoft-cloud-app-security-mcas-activity-log-in-azure-sentinel/ba-p/1849806]]|Azure_Sentinel|
|2020.12.16|Thomas Naunheim|[[Identity Security Monitoring in Microsoft Cloud Services|https://www.cloud-architekt.net/identity-security-monitoring/]]|Azure Monitoring IAM|
|2020.12.16|//Coalfire//|[[Blueprints scopes and assignments|https://www.coalfire.com/the-coalfire-blog/december-2020/blueprints-scopes-and-assignments]] (3/4)|Azure Policies|
|2020.12.14|//Coalfire//|[[Azure Policies|https://www.coalfire.com/the-coalfire-blog/december-2020/azure-policies]] (2/4)|Azure Policies|
|>|>|>|''GCP (Google)'' |
|2020.12.14|//CodeBurst//|[[Google Cloud Authentication by Example|https://codeburst.io/google-cloud-authentication-by-example-1481b02292e4]]|GCP Authentication|
|>|>|>|''Oracle'' |
|2020.12.17|//Oracle Cloud//|[[Data Privacy and Security: A Symbiotic Relationship for SaaS Environments|https://blogs.oracle.com/cloudsecurity/data-privacy-and-security-a-symbiotic-relationship-for-saas-environments]]|SaaS Privacy|
|2020.12.14|//Oracle Cloud//|[[Improve your governance in Oracle Cloud Infrastructure|https://blogs.oracle.com/cloudsecurity/improve-your-governance-in-oracle-cloud-infrastructure]]|Governance|
|>|>|>|''Alibaba Cloud'' |
|2020.12.18|//Praetorian//|[[Alibaba Cloud Cross Account Trust: The Confused Deputy Problem|https://www.praetorian.com/blog/alibaba-cloud-cross-account-trust-the-confused-deputy-problem]] (2/2)|Alibaba|
|>|>|>|''Kubernetes'' |
|2020.12.17|//Stackrox//|[[CKS Certification Study Guide: System Hardening in Kubernetes|https://www.stackrox.com/post/2020/12/cks-certification-study-guide-system-hardening/]]|Hardening|
|2020.12.17|//Stackrox//|[[CKS Certification Study Guide: Cluster Hardening|https://www.stackrox.com/post/2020/12/cks-certification-study-guide-cluster-hardening/]]|Hardening|
|2020.12.17|//Stackrox//|[['Screaming in the Cloud' - Eliminating Security Risks in Kubernetes|https://www.stackrox.com/post/2020/12/screaming-in-the-cloud-eliminating-security-risks-in-kubernetes/]]|K8s Risks|
|2020.12.17|//Alcide//|![[Kubernetes Threat Vectors - Part 5: Defense Evasion|https://blog.alcide.io/ubernetes-threat-vectors-part-5-defense-evasion]] (5/11) |Kubernetes Threats|
|2020.12.17|//Javelynn//|[[How to implement a custom Kubernetes validation admission controller?|https://www.javelynn.com/cloud/how-to-implement-a-custom-kubernetes-validation-admission-controller/]]|Kubenetes|
|>|>|>|''Docker'' |
|2020.12.19|Jatin Yadav|[[Harden Docker with CIS – (P3) Docker daemon configuration – Part 2|https://blog.jtnydv.com/harden-docker-with-cis-p3-docker-daemon-configuration-part-2/]]|Docker Hardening CIS|
|2020.12.14|Jatin Yadav|[[Harden Docker with CIS – (P3) Docker daemon configuration – Part 1|https://blog.jtnydv.com/harden-docker-with-cis-p3-docker-daemon-configuration-part-1/]]|Docker Hardening CIS|
|2020.12.15|//Logrhythm//|[[How to Mitigate Docker Container Security Risk|https://logrhythm.com/blog/how-to-mitigate-docker-security-risk/]]|Docker Risks|
|2020.12.19|Rory McCune //NCC Group//|[[Exploring Rootless Docker|https://raesene.github.io/blog/2020/12/19/rootless_docker/]]|Docker|
|>|>|>|''Outils / Tools'' |
|2020.12.18|//Optiv//|[[Go365 - An Office365 User Attack Tool|https://www.kitploit.com/2020/12/go365-office365-user-attack-tool.html]] ([[GitHub|https://github.com/optiv/Go365]])|
|2020.12.16|//Catchpoint//|[[How to set up an integration with Slack|https://blog.catchpoint.com/2020/12/16/how-to-set-up-an-integration-with-slack/]] ([[vidéo|https://www.youtube.com/watch?v=-FDgoTwszL8]])|Slack Notification|
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Podcasts'' |
|2020.12.20|Cloud Security Podcast|![[Starting A Successful Cybersecurity Podcast In 2021|https://anchor.fm/cloudsecuritypodcast/episodes/STARTING-A-SUCCESSFUL-CYBERSECURITY-PODCAST-IN-2021-eo1dpd]]|Podcast|
|2020.12.20|//ThousandEyes//|[[Ep. 31: About Monday's Google Outage; Plus, Talking Holiday Internet Traffic Trends with Fastly|https://blog.thousandeyes.com/internet-report-episode-31/]]|Podcast|
|2020.12.17|Screaming in the Cloud|[[Eliminating Security Risks in Kubernetes with Chris Porter|https://www.lastweekinaws.com/podcast/screaming-in-the-cloud/eliminating-security-risks-in-kubernetes-with-chris-porter/]] ([[mp3|https://dts.podtrac.com/redirect.mp3/media.transistor.fm/9a2a62b4/5db02333.mp3]])|Podcast|
|>|>|>|''Veilles / Newsletters'' |
|2020.12.20|Marco Lancini|[[The Cloud Security Reading List #68|https://cloudseclist.com/issues/issue-68/]] |Weekly_Newsletter|
|2020.12.16|TL;DR Security|[[#64 - Kubernetes Guide, XSS for PDFs, SolarWinds FTL|https://tldrsec.com/blog/tldr-sec-064/]] |Weekly_Newsletter|
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''Chiffrement'' / ''Encryption''|
|2020.12.17|//SecurityIntelligence//|[[Fully Homomorphic Encryption: Unlocking the Value of Sensitive Data While Preserving Privacy|https://securityintelligence.com/posts/fully-homomorphic-encryption-next-step-data-privacy/]]|Encryption|
|>|>|>|''Resilience'' |
|2020.12.14|//CompareTheCloud//|[[How cloud resilience has been challenged and why security strategy needs a rethink|https://www.comparethecloud.net/articles/security/migrating-business-applications-to-the-cloud-has-saved-2020-for-many-businesses/]]|Resilience|
|2020.12.14|MSSP Alert|[[Building Resilience in 2021|https://www.msspalert.com/cybersecurity-guests/building-resilience-in-2021/]]|Resilience|
|>|>|>|''SASE'' |
|2020.12.18|//Netskope//|[[Helpful Answers to Your SASE-est Questions|https://www.netskope.com/blog/helpful-answers-to-your-sase-est-questions]]|SASE|
|>|>|>|''Zero Trust'' |
|2020.12.17|//Illumio//|[[Take Me to Your Domain Controller: How Attackers Move Laterally Through Your Environment|https://www.illumio.com/blog/domain-controller-2]] (2/3)|Zero_Trust|
|>|>|>|''Autres / Others'' |
|2020.12.14|CSO Online|[[Building stronger multicloud security: 3 key elements|https://www.csoonline.com/article/3584735/building-stronger-multicloud-security-3-key-elements.html]]|Multi_Cloud|
|2020.12.20|Christophe Tafani-Dereeper|[[Shifting Cloud Security Left — Scanning Infrastructure as Code for Security Issues|https://blog.christophetd.fr/shifting-cloud-security-left-scanning-infrastructure-as-code-for-security-issues/]]|Scanning Terraform|
|2020.12.19|Bank Info Security|[[IAM in a Multi/Hybrid Cloud Environment - Can We Do it Better This Time?|https://www.bankinfosecurity.com/webinars/iam-in-multihybrid-cloud-environment-we-do-better-this-time-w-2852]]|IAM Multi_Cloud|
|2020.12.19|//Zscaler//|[[Seven Reasons Why Your Cloud Security is a Mess|https://www.zscaler.com/blogs/product-insights/seven-reasons-why-your-cloud-security-mess]]|Misc|
|2020.12.18|//Palantir//|[[Palantir and GAIA-X|https://medium.com/palantir/palantir-and-gaia-x-85ab9845144d]]|GAIA-X|
|2020.12.18|//Threatpost//|[[Cloud is King: 9 Software Security Trends to Watch in 2021|https://threatpost.com/cloud-king-software-security-trends-2021/162442/]]|Trends|
|2020.12.17|//PivotPoint Security//|[[Why "Tone at the Top" is So Critical for SaaS Security|https://www.pivotpointsecurity.com/blog/why-tone-at-the-top-is-so-critical-for-saas-security/]]|SaaS|
|2020.12.14|Help Net security|[[How to make DevSecOps stick with developers|https://www.helpnetsecurity.com/2020/12/14/how-devsecops-developers/]]|DevSecOps|
<<tiddler [[arOund0C]]>>
!"//Enterprise Architecture Shared Responsibility Model// et //Enterprise Architecture to CCM v3.0.1 Mapping//
[>img(200px,auto)[iCSA/CCM.png]]Publications du 18 décembre 2020.
<<<
//The Enterprise Architecture working group's Enterprise Reference Architecture (ERA) is both a methodology and a set of tools enabling security architects, enterprise architects and GRC professionals to leverage a common set of solutions that fulfill their common needs. The expectation is the ERA will assist in assessments where their internal IT and their cloud providers are in terms of security capabilities and roadmap planning to meet the security needs of their business. The ERA provides a security viewpoint on a typical Enterprise Architecture, thus taking a domain-based approach covering Business Operations, IT Operations, Security and Risk Management as well as the classic layered architecture of Presentation, Application, Information, and Infrastructure domains.
The mapping of CCM controls per the Shared Responsibility Model according to the following service levels - IaaS, PaaS, SaaS. It is intended to give the reader an overview of cloud responsibility with the specific control domain from the view of either the cloud service provider and/or the cloud consumer. 0 (zero) signifies no responsibility, whereas the placement of a 1 (one) signifies the given responsibility. From here, the reader can map that control domain back to the CCM control for further guidance and architecture.//
<<<
!!!Liens
* Annonce ''EA-CCM Shared Responsibility Model'' et téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/enterprise-architecture-ccm-shared-responsibility-model/
* Document ''EA-CCM Shared Responsibility Model'' (XLSX) ⇒ https://cloudsecurityalliance.org/download/artifacts/enterprise-architecture-ccm-shared-responsibility-model/
* Annonce ''EA-CCM Mapping'' et téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/enterprise-architecture-ccm-v301-mapping/
* Document ''EA-CCM Mapping'' (XLSX) ⇒ https://cloudsecurityalliance.org/download/artifacts/enterprise-architecture-ccm-v301-mapping/
!"//CCSK Success Stories: From the Managing Director of a Consulting Firm//"
[>img(150px,auto)[iCSA/KCJBU.png]]Article de blog publié le 19 décembre 2020 -- rédigé par John DiMaria, //Assurance Investigatory Fellow//, Cloud Security Alliance
<<<
The more complex systems become, the less secure they are, even though security technologies improve. There are many reasons for this, but it can all be traced back to the problem of complexity. Why? Because we give a lot of attention to technology, and we have increased silos of a plethora of regulations and standards. Therefore, we become fragmented and too complexed.
In this blog, I'll be discussing ways to address this problem by leveraging frameworks and systems that map to multiple certifications and industry standards. In particular, I'll be discussing how the CSA STAR program fits in with other certification schemes and how you can leverage it to help reduce complexity.
> "The adversary works in the world of the stack, and that complexity is where they thrive".
> Ron Ross, Senior Scientist and Fellow at NIST
!!!Indicators of Complex Systems
Complexed systems create more security risk because they:
* Have more independent processes, interfaces and interactions.
* Have more interfaces and interactions and create more security risks.
* Are harder to monitor and have visibility into, which creates untested, and unaudited portions.
* Are harder to develop and implement securely.
* Are harder for employees and stakeholders to understand and be trained in.
Cloud service providers are forced to comply with a plethora of standards, frameworks and regulations. This causes complexity and compliance fatigue, along with increased risk and resource allocation issues. Many of the controls across these platforms are similar and cross over, but because they are individual requirements, many organizations manage them in silos. This causes confusion as interpretation issues become a huge debate.
!!!Business benefits of integrating your security systems
An integrated security system helps alleviate some of the challenges listed above by enabling organizations to align their processes and procedures into one complete framework that can help to deliver their objectives effectively and efficiently.
The system integrates all components of a governance, risk and compliance program into one coherent system linking boundaries between processes and creating seamless connections between its requirements and internal controls.
By using a single system for the ongoing management of risks and compliance, greater visibility into regulatory, legal, and information security obligations can be achieved., It also makes it easier to identify overlapping requirements which enables controls to be better designed and implemented. Ultimately this all results in better assurance being provided to the organization.
CSA best practices play an important guidance role in the creation of such a system and supports setting the objectives, monitoring the performance and ensuring metrics are aligning your operations to top management strategic thinking.
!!!Why integrated security systems?
* Improve consistency within the organization [>img(400px,auto)[iCSA/KCJB1.png]]
* Avoid duplication and gain cost savings
* Clarify allocation of responsibility
* Focus the organization onto business goals
* Absorb informal systems into formal systems
* Optimize staff training and development

!!!Using CSA STAR to integrate your security systems
[>img(auto,300px)[iCSA/KCJB2.png]][>img(auto,200px)[iCSA/KCJB3.png]]Since it maps to multiple standards and regulations, the CSA STAR Program can be leveraged as an organization's integrated security system.
The STAR Program is based on three pillars that allow this integration:
* Technical standard and best practices
* A Certification framework
* A public repository and database
Each of the STAR pillars offer organizations tools to establish and maintain an effective and efficient cloud security and privacy governance and compliance posture.
The STAR Program is facilitated by the Cloud Control Matrix (CCM). The CCM has 16 domains and 133 controls (Figure 2). These cover a range of areas from the application, data center, and mobile security through to security incident, supply chain and threat management. These domains are then backed by 133 individual controls within the CCM that are mapped to over 40 different frameworks and regulatory requirements.
[img(600px,auto)[iCSA/KCJB4.png]]
With the CCM mapping to multiple standards and regulations, it will support meeting the strategic direction of the organization by supporting and weaving all the main functions together as one fabric that covers the business. Not only increasing security but making the business more resilient as well.
!!!How STAR can facilitate an integrated security system in your organization
Below is an illustration of how common requirements of multiple systems standards/specifications can be integrated into one common system.
[img(600px,auto)[iCSA/KCJB5.png]]
By using the ISO approach shown above of addressing the High-Level Structure (HLS) you will be able to:
* Map the context of the organization; identifying all the inputs and outputs as well as interested parties (both internal and external).
* Fully understand the context of the organization and introduce planning activities that will address the risks and opportunities of the business that can interfere with the expected output of the business and build the mitigation strategy into the day-to-day planning and operational process.
* Ensure that sufficient and appropriate resources are available. Appropriateness is often determined through competency analysis.
* Harden operational functions by deploying the functions developed during the planning process.
* Evaluate performance and effectiveness at consistent planned intervals. Internal audits and management reviews are key methods of reviewing the performance of the security system and tools for its continual improvement.
* Use the results to continuously improve the organization and its processes.
By integrating multiple frameworks into one holistic one you can understand both the gaps into your internal control systems and the areas of overlap, and therefore avoid unmitigated risks, on the one hand, and duplication of efforts on the other. The latter is achieved by focusing only on covering the gaps in the process and controls addressing the areas of intersection between the CCM and any other security framework used in the internal control system.
[img(500px,auto)[iCSA/KCJB6.png]]
!!!Things to consider prior to kicking off your project plan
* Perform a gap analysis of your cloud security using the CSA CAIQ
* Set clear objectives for integration and expected ROI
* Determine the extent to which integration should occur (scope)
* Consider the cultural landscape within your company
* Analyze the need for training based off of the levels of competence necessary
** Evaluate your training needs to get started
** Re-evaluate based on the gaps you've identified
** This will help embed the knowledge
* Keep in mind legal and other regulatory requirements along with internal requirements
!!!What do you need to do next?
* Set up a project team to manage the implementation
* Communicate the project across the whole organization
* Create an implementation plan and monitor progress
* Take a fresh look at your total business
* Highlight the changes as opportunities for improvement
* Make changes to your documentation to reflect the new structure (as necessary)
* Implement the new requirements on leadership, risk and context of the organization
* Review the effectiveness of your current control set.
* Carry out an impact assessment
* Start measuring ROI
!!!Do things Differently through Visibility - Insight - Action
Experience teaches that the more successful businesses embed best practices holistically across the entire organization, not just in one specific area. Products and services today must meet a diverse spectrum of certification and compliance requirements.
Developing a consistent framework of repeatable processes and procedures allows the organization to comply, grow, and protect the operation.
Instituting a company-wide strategy breaks down long-established silos separating departments and divisions, and, for many organizations, can represent a significant change to corporate culture.
<<<
//__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/12/19/using-csa-star-to-improve-cloud-governance-and-compliance/ 
!"//CCSK Success Stories: From the Managing Director of a Consulting Firm//"
[>img(150px,auto)[iCSA/KCGBS.jpg]]Article de blog publié le 16 décembre 2020 -- rédigé par Paul Kurtz, //Co-founder and Executive Chairman//, TruSTAR Technology
<<<
!!SolarWinds perhaps represents the most severe hack of the digital age
The playbook of our adversaries continues to evolve, but defenders are losing, and the gap is widening. Discussion of imposing consequences on adversaries seems pointless so long as we keep falling farther behind. Similarly, finger-pointing will not work as this hack was not a single mistake like many we have seen in the past. In this case, it is clear the adversary used a suite of sophisticated techniques to cover their tracks, including a supply chain hack and using steganography to embed command lines.
FireEye has started what must become the norm: disclosing as much detail as possible as fast as possible about the attack techniques and indicators of compromise. Sharing indicators of compromise accelerates the discovery of other victimized systems. Today government agencies and companies are searching for indicators of compromise within their networks.
!!So, now what? How should organizations respond?
Cloud-Based, Intelligent EcosystemsNo doubt, the market will respond with new tools that could help identify similar future attacks. However, success will be temporary given adversaries continue to move faster than defenders. Rather than retool, we should focus on a more data-centric approach. Recently, the Cloud Security Alliance published a research paper on Cloud-based, Intelligent Ecosystems. The report calls for a paradigm shift to integrate and automate data from security tools and external threat feeds to establish a holistic picture of activity. By doing so, companies and government organizations can accelerate discovery, searching more quickly across all systems for indicators of compromise, like those released by FireEye shortly after they discovered the breach. Given different tools have different functions, it is likely indicators of compromise are spread across multiple systems. A data-centric approach rather than a tool-centric approach will help assemble pieces of the puzzle more quickly.
!!Organizations need to build a "cyber memory" of past events.
The paper also calls out the need for building "cyber memory" of past events; without memory, it is impossible to learn. We need to be able to recall event data from security systems seamlessly. Creating a virtual memory to absorb events will enable Machine Learning to identify patterns to more effectively and efficiently address malicious activity.
This approach is not a panacea and should not be read as preventing future attacks. However, it serves to close the gap and contain problems. The combination of information sharing -- like FireEye's, plus a data-centric approach to building a cyber memory of past event data from tools and external threat feeds will accelerate discovery. 
<<<
//__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/12/16/solarwinds-how-cybersecurity-teams-should-respond/ 
!"//CCSK Success Stories: From the Managing Director of a Consulting Firm//"
[>img(150px,auto)[iCSA/K4QCCSK.png]]Article de blog publié le 14 décembre 2020
<<<
//This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog we'll be interviewing Ferdinand Fong, Managing Director, Initial Alpha Pte. Ltd.

Q: In your current role as Managing Director, what does your job involve?
A: I run a program management consultancy business, and my most recent engagement involves working with a financial services payment processor as an operational management consultant executing the migration of CITI Hong Kong payment platform over to theirs. Due to this organization's insolvency filing and how the world is now changing, I am looking into expanding my portfolio into the area of cloud security.

Q: Can you share with us some complexities in managing cloud computing projects?
A: I can see as companies/enterprises are going from traditional physical infrastructure to more cloud- based infrastructure, there is a gap which CSA can help to fill. Some complexities I see are:
* Understanding the existing scope of the client and mapping it to a cloud based infrastructure
* The need to change the client's mindset as they will have to relinquish certain physical control over the infrastructure itself.

Q: In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?
A: I think one of the key tips I would share is to get a good grasp on risk assessment. A thorough risk assessment that is in alignment with the client needs will ensure that an optimal business requirement document can be created, which will help with guiding the development of the project.

Q: What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?
A: I find that as a whole the CCSK is a great starting point for anyone who wishes to venture into the area of cloud security. As someone who is new in this area, I would have to say that I did not have a preferred area as I found the entire training to be very invaluable.

Q: How does Cloud Controls Matrix (CCM) help communicate with customers?
A: The Cloud Controls Matrix (CCM) provides a very easy to understand method for customers in order to have a good handle on where they are in terms of security controls, compliance requirement and regulatory requirement. With the CCM any gaps in any of those areas can be easily identified and addressed.

Q: What's the value in a vendor-neutral certificate versus getting certified by a vendor? In what scenario are the different certificates important?
A: Vendor-neutral certificates are great as they open up greater opportunities to work in an unbiased manner with both the clients as well as managing a professional relationship with vendors and CSPs. This also means that my clients can trust my recommendations based on what their needs are and not driven by any biases.

Q: Would you encourage your staff and/or colleagues to obtain CCSK or other CSA qualifications?
A: Yes I would. As I see this as part of expanding my business, ensuring that my staff and colleagues have the same standard understanding and speak the same language when it comes to addressing cloud security related subjects.

Q: What is the best advice you would give to IT professionals in order for them to scale new heights in their careers?
A: Keep an ear to the ground, pay attention to the latest development and what is trending. The world of IT is constantly changing; it is imperative to stay abreast with the latest developments, innovations as well as the evolving security threats that are out there.//
<<<
__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/12/14/ccsk-success-stories-from-the-managing-director-of-a-consulting-firm/ 
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #94|2020.12.13 - Newsletter Hebdomadaire #94]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #94|2020.12.13 - Weekly Newsletter - #94]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.12.13 - Newsletter Hebdomadaire #94]]>> |<<tiddler [[2020.12.13 - Weekly Newsletter - #94]]>> |
| La [[dernière Newsletter|Dernière Newsletter]] ''#<<tiddler [[LatestWeeklyNum]]>>'' est datée du ''<<tiddler [[LatestWeeklyFR]]>>'' | The [[latest Newsletter|Dernière Newsletter]] ''#<<tiddler [[LatestWeeklyNum]]>>'' is dated from ''<<tiddler [[LatestWeeklyEN]]>>'' |
|!• La newsletter #94 est en cours de rédaction 
• Date de publication estimée : __à partir du 13 décembre 2020__ | | [img(100px,auto)[iCSF/Work.gif]]
La Veille 'Web Cloud et Sécurité' en cours de rédaction est → [[ici|2020.12.13 - Veille Hebdomadaire - 13 décembre]] ← | /% !Newsletter Hebdomadaire Cloud et Sécurité - semaine du 07 au 13 décembre 2020 !!1 - Informations CSA - 07 au 13 décembre 2020 * Actu[img[iCSF/flag_fr.png]]: ''[[Point de situation sur l'incident Solarwinds/SolarStorm|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== * Publication : 'Cloud-Based, Intelligent Ecosystems' !!2 - Veille Web Cloud et Sécurité ([[plus de 60 liens|2020.12.13 - Veille Hebdomadaire - 13 décembre]]) * __''À lire''__ ** • * __Attaques, Incidents, Fuites de données, Pannes__ ** Attaques : • ** Incidents : • ** Fuites de données : • ** Pannes : • * __Risques, Menaces, Vulnérabilités__ ** Risques : • ** Menaces : • ** Vulnérabilités : • * __Bonnes Pratiques, Techniques de Détection__ ** Bonnes pratiques : • ** Détection : • * __Rapports, Sondages, Études, Publications__ ** Rapports : • ** Sondages : • ** Études : • ** Publications : • * __Cloud Services Providers, Outils__ ** AWS : • ** Azure : • ** GCP : • ** Oracle : • ** Kubernetes : • ** Docker : • ** Containers : • ** Workloads : • ** Outils: • * __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences__ ** Podcasts : • ** Veilles : TL;DR Security #§TLDR§ • The Cloud Security Reading List #64 * __Marché, Acquisitions__ ** Marché : • ** Acquisitions : • * __Divers__ ** • !!3 - Lien direct |!⇒ [[CloudSecurityAlliance.fr/go/KCD/|https://CloudSecurityAlliance.fr/go/KCD/]] | <<tiddler [[arOund0C]]>> %/
|!• Newsletter #94 is currently being written 
• Estimated release date: __after December 13th, 2020__ | | [img(100px,auto)[iCSF/Work.gif]]
The draft version of the 'Cloud and Security' News Watch is → [[here|2020.12.13 - Veille Hebdomadaire - 13 décembre]] ← | /% !Weekly Cloud and Security Watch Newsletter - December 07th to 13th, 2020 !!1 - CSA News and Updates - December 07th to 13th, 2020 * News[img[iCSF/flag_fr.png]]: ''[[Status of the SolarWinds/SolarStorm incident|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== * Publication: 'Cloud-Based, Intelligent Ecosystems' !!2 - Cloud and Security News Watch ([[over 60 links|2020.12.13 - Veille Hebdomadaire - 13 décembre]]) * __''Must read''__ ** ''SolarStorm: Many valuable information and IOCs have been published'' |>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities | |>|>|>|''Risques / Risks'' | |2020.12.08|Dark Reading|[[Attackers Know Microsoft 365 Better Than You Do|https://www.darkreading.com/cloud/attackers-know-microsoft-365-better-than-you-do/a/d-id/1339404]]|Risks O365| |2020.12.10|//SecurityTrails//|[[5 AWS Misconfigurations That May Be Increasing Your Attack Surface|https://securitytrails.com/blog/aws-misconfigurations-increasing-attack-surface]]|AWS Misconfigurations| |>|>|>|''Menaces / Threats'' | |2020.12.13|//Tripwire//|[[Cloud Security: Messy Blobs and Leaky Buckets|https://www.tripwire.com/state-of-security/security-data-protection/cloud/cloud-security-messy-blobs-leaky-buckets/]]|Threats| |2020.12.11|//Illumio//|[[How Zero Trust Allows Organisations to Address Each Step in the Cyber Kill Chain|https://www.illumio.com/blog/zero-trust-cyber-kill-chain]]Kill_Chain| |2020.12.08|Karim El-Melhaoui|[[AWS Systems Manager Attack and defense strategies|https://blog.karims.cloud/2020/12/08/ssm-attack-and-defense-strategies.html]]|AWS Attack Defense| |>|>|>|''Vulnérabilités / Vulnerabilities'' | |2020.12.08|Bleeping Computer|[[All Kubernetes versions affected by unpatched MiTM vulnerability|https://www.bleepingcomputer.com/news/security/all-kubernetes-versions-affected-by-unpatched-mitm-vulnerability/]]|Vulnerability CVE-2020-8554| |2020.12.09|//Stackrox//| ← [[CVE-2020-8554: Man in the Middle Vulnerability in Kubernetes - Top Recommendations|https://www.stackrox.com/post/2020/12/cve-2020-8554-man-in-the-middle-vulnerability-in-kubernetes-top-recommendations/]]|K8s CVE-2020-8554| |2020.12.10|//Trimarc Security//|[[Kerberos Bronze Bit Attack (CVE-2020-17049) Scenarios to Potentially Compromise Active Directory|https://www.hub.trimarcsecurity.com/post/leveraging-the-kerberos-bronze-bit-attack-cve-2020-17049-scenarios-to-compromise-active-directory]]|CVE-2020-17049 Kerberos Active_Directory| |2020.12.08|//NetSPI//| ← [[CVE-2020-17049: Kerberos Bronze Bit Attack – Overview|https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-overview/]]|CVE-2020-17049 Kerberos Active_Directory| |2020.12.08|//NetSPI//| ← [[CVE-2020-17049: Kerberos Bronze Bit Attack – Practical Exploitation|https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-attack/]]|CVE-2020-17049 Kerberos Active_Directory| |2020.12.08|//NetSPI//| ← [[CVE-2020-17049: Kerberos Bronze Bit Attack – Theory|https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-theory/]]|CVE-2020-17049 Kerberos Active_Directory| |2020.12.08|//Duo Security//|[[Microsoft Teams Flaw Allowed Easy Remote Code Execution|https://duo.com/decipher/microsoft-teams-flaw-allowed-easy-remote-code-execution]]|Vulnerability Teams| |>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection | |>|>|>|''Bonnes pratiques / Best Practices'' | |2020.12.11|Sebastiaan van Putten|[[Enhance your resiliency against attacks with the new cloud-native threat protection capabilities of Azure Defender for DNS|https://www.seb8iaan.com/enhance-your-resiliency-against-attacks-with-the-new-cloud-native-threat-protection-capabilities-of-azure-defender-for-dns/]]|Azure DNS| |2020.12.12|Anton Chuvakin|[[Cloud Migration Security Woes|https://medium.com/anton-on-security/cloud-migration-security-woes-14d7301b9e3b]]|Migration| |2020.12.10|Dark Reading|[[Google Shares Cloud Security Tips|https://www.darkreading.com/cloud/google-shares-cloud-security-tips/d/d-id/1339670]]|Best_Practices GCP Webcast| |>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications | |>|>|>|''Rapports / Reports'' | |2020.12.08|//Zscaler//|[[The 2020 State of Cloud (In)Security|https://www.zscaler.com/blogs/security-research/2020-state-cloud-insecurity]]|Report| |>|>|>|''Publications'' | |2020.12.08|//DivvyCloud//|[[A Practical Guide to Gartner’s Cloud Security Archetypes|https://divvycloud.com/cnapp/]]|Architecture Gartner| |2020.12.07|MSSP Alert|[[Predictions 2021: Explosion in Adoption of Cloud-native Security Solutions|https://www.msspalert.com/cybersecurity-guests/predictions-2021-explosion-in-adoption-of-cloud-native-security-solutions/]]|Report| |>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools | |>|>|>|''AWS (Amazon)'' | |2020.12.09|Phil Rodrigues|![["Top Ten"? Security Updates from AWS re:Invent 2020|https://www.linkedin.com/pulse/top-ten-security-updates-from-aws-reinvent-2020-phil-rodrigues/]] |AWS Products| |2020.12.08|//Amazon AWS//|[[How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced|https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/]]|AWS DNS DDOS| |2020.12.08|//Javelynn//|[[Have you replaced IAM Users with AWS SSO yet?|https://www.javelynn.com/cloud/have-you-replaced-iam-users-with-aws-sso-yet/]]|AWS IAM SSO| |2020.12.08|//Amazon AWS//|[[New - VPC Reachability Analyzer|https://aws.amazon.com/blogs/aws/new-vpc-insights-analyzes-reachability-and-visibility-in-vpcs/]]|AWS VPC| |2020.12.08|//Amazon AWS//|[[Get started with fine-grained access control in Amazon Elasticsearch Service|https://aws.amazon.com/blogs/security/get-started-with-fine-grained-access-control-in-amazon-elasticsearch-service/]]|AWS Access_Controls| |2020.12.08|//Amazon AWS//|[[AWS Audit Manager Simplifies Audit Preparation|https://aws.amazon.com/blogs/aws/aws-audit-manager-simplifies-audit-preparation/]]|AWS Audit_Manager| |2020.12.07|//Amazon AWS//|[[Three common cloud encryption questions and their answers on AWS|https://aws.amazon.com/blogs/security/three-common-cloud-encryption-questions-and-their-answers-on-aws/]]|AWS Encyption| |>|>|>|''Azure (Microsoft)'' | |2020.12.09|//Mirosoft Azure//|[[Microsoft introduces steps to improve internet routing security|https://azure.microsoft.com/blog/microsoft-introduces-steps-to-improve-internet-routing-security/]]|Routing| |2020.12.07|//Mirosoft Azure//|[[The broadest range of cloud innovation across US Government data classifications|https://azure.microsoft.com/en-us/blog/the-broadest-range-of-cloud-innovation-across-us-government-data-classifications/]]|Azure Government| |2020.12.07|//Mirosoft Azure//|[[Microsoft launches Azure Government Top Secret cloud to handle classified data|https://www.zdnet.com/article/microsoft-launches-azure-government-top-secret-cloud-to-handle-classified-data/]]|Azure Government| |2020.12.08|//Avanan//|[[Microsoft ATP: Millions of Emails Reveal ATP and EOP Offer Similar Protection|https://www.avanan.com/blog/microsoft-atp-millions-of-emails-reveal-atp-and-eop-offer-similar-protection]]|Azure_ATP Products| |2020.12.07|SecureCloud Blog|[[Azure Sentinel & Log Analytics - Cross correlate between data on Azure Blob Storage and Log Analytics|https://securecloud.blog/2020/12/07/azure-sentinel-log-analytics-cross-correlate-between-data-on-azure-blob-storage-and-log-analytics/]]|Azure_Sentinel| |>|>|>|''GCP (Google)'' | |2020.12.13|Dawid Balut|![[Practical guide into GCP Security - entry/mid-level|https://dawidbalut.com/2020/12/12/practical-guide-into-gcp-security-entry-mid-level/]] ([[pdf|https://services.google.com/fh/files/misc/google-cloud-security-foundations-guide.pdf]]) |GCP| |2020.12.11|//Google Cloud//|[[Run shell commands and orchestrate Compute Engine VMs with Cloud Workflows|https://medium.com/google-cloud/run-shell-commands-and-orchestrate-compute-engine-vms-with-cloud-workflows-e345e616a24]]|GCP Cloud_Workflows| |2020.12.10|//Google Cloud//|[[What is zero trust identity security?|https://cloud.google.com/blog/topics/developers-practitioners/what-zero-trust-identity-security/]]|GCP Zero_Trust| |2020.12.08|//Google Cloud//|[[How to Automate Governance Best Practices With Google Data Catalog and Terraform|https://medium.com/google-cloud/how-to-automatically-manage-your-iam-access-controls-with-google-data-catalog-and-terraform-5ea33adcbdd4]]|GCP IAM| |>|>|>|''Oracle'' | |2020.12.08|//Oracle Cloud//|[[Oracle Identity and Access Management: What's New, What's Next?|https://blogs.oracle.com/cloudsecurity/oracle-identity-and-access-management-new-and-next]]|IAM| |>|>|>|''Kubernetes'' | |2020.12.13|DZone|[[Securing a K3s Cluster|https://dzone.com/articles/securing-k3s-cluster]]|K8s Cluster| |2020.12.10|//Conjur//|[[Securing Secrets in Kubernetes|https://www.conjur.org/blog/securing-secrets-in-kubernetes/]]|K8s Secrets_Management| |2020.12.10|//Stackrox//|[[CKS Certification Study Guide: Cluster Setup in Kubernetes|https://www.stackrox.com/post/2020/12/cks-certification-study-guide-cluster-setup-in-kubernetes/]]|K8s CKS| |2020.12.08|//Alcide//|[[New Kubernetes Vulnerability: CVE-2020-8554 Man in the Middle (MiTM) Attack Using Kubernetes Service Resources|https://blog.alcide.io/kubernetes-vulnerability-cve-2020-8554]]|CVE-2020-8554 Kubernetes| |>|>|>|''Containers'' | |2020.12.07|//Alcide//|[[Container Image Scanning for Kubernetes Deployments|https://blog.alcide.io/alcide-image-scanning]]|Image Scanning| |>|>|>|''Workloads'' | |2020.12.11|//Intezer//|[[Cloud Workload Security: Part 3 - Explaining Azure's Security Features|https://www.intezer.com/blog/cloud-workload-security-part-3-explaining-azures-security-features/]] (3/5)|Workloads| |>|>|>|''Outils / Tools'' | |2020.12.12|Marco Lancini|[[Semgrep for Cloud Security|https://www.marcolancini.it/2020/blog-semgrep-for-cloud-security/]]|Tools| ||[[r2c|http://r2c.dev/]]|[[Semgrep, a lightweight static analysis for many languages|https://github.com/returntocorp/semgrep]]|Tools| ||[[r2c|http://r2c.dev/]]|[[Semgrep rules registry|https://github.com/returntocorp/semgrep-rules]]|Tools| ||[[r2c|http://r2c.dev/]]|[[Semgrep documentations|https://github.com/returntocorp/semgrep-docs]]|Tools| |2020.12.09|//Digital Guardian//|[[50 Cloud-Based Security Selection Tips|https://digitalguardian.com/blog/50-cloud-based-security-selection-tips]]|Tools| |2020.12.09|Kitploit|[[RESTler - The First Stateful REST API Fuzzing Tool For Automatically Testing Cloud Services Through Their REST APIs And Finding Security And Reliability Bugs In These Services|https://www.kitploit.com/2020/12/restler-first-stateful-rest-api-fuzzing.html]]|Tools| |2020.12.11|The Daily Swig|[[O365 Squatting: Open source tool finds malicious cloud-hosted domains before they’re used in phishing campaigns|https://portswigger.net/daily-swig/o365-squatting-open-source-tool-finds-malicious-cloud-hosted-domains-before-theyre-used-in-phishing-campaigns]]|Tools O365| |>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences | |>|>|>|''Podcasts'' | |2020.12.08|SilverLining IL|[[Episode 30: The challenges of CISO in a security company|https://silverlining-il.castos.com/episodes/episode-30-the-challenges-of-ciso-in-a-security-company]]|Podcast| |>|>|>|''Veilles / Newsletters'' | |2020.12.13|Marco Lancini|[[The Cloud Security Reading List #67|https://cloudseclist.com/issues/issue-67/]] |Weekly_Newsletter| |2020.12.09|TL;DR Security|[[#63 - OWASP, Fuzzing, and a New 'AWS Swiss Army Knife' Tool by Netflix|https://tldrsec.com/blog/tldr-sec-063/]] |Weekly_Newsletter| * __Attacks, Incidents, Data Leaks, Outages__ ** Attacks: New Malware Arsenal Abusing Cloud Platforms in Middle East Espionage Campaign ** Incidents: Netgain Hit by Ransomware ** Outages: AWS impacted by Google Outage * __Risks, Threats, Vulnerabilities__ ** Risks: • ** Threats: • ** Vulnerabilities: • * __Best Practices, and Detection__ ** Best Practices: • ** Detection: • * __Reports, Surveys, Studies, Publications__ ** Reports: • ** Surveys: • ** Studies: • ** Publications: • * __Cloud Services Providers, Tools__ ** AWS: • ** Azure: • ** GCP: • ** Oracle: • ** Kubernetes: • ** Docker: • ** Containers: • ** Workloads: • ** Tools: • * __Weekly 'Cloud and Security' Watch, Podcasts, Conferences__ ** Conferences: • ** Podcasts: • ** Newsletters: TL;DR Security #63 • The Cloud Security Reading List #67 • * __Market, Acquisitions__ ** Market: CLUSIF will use Shadline for Sharing and Communicating ** Acquisitions: • |>|>|>|!Marché, Acquisitions / Market, Acquisitions | |>|>|>|''Marché / Market'' | |2020.12.11|//Shadline//[>img[iCSF/flag_fr.png]]|[[Le Clusif choisit Shadline pour faciliter les échanges de ses membres|https://www.shadline.com/le-clusif-choisit-shadline-pour-faciliter-les-echanges-de-ses-membres/]]|Tools Communications| |2020.12.10|//IBM//|[[IBM Collaborates with AWS on Security for Hybrid Cloud|https://newsroom.ibm.com/2020-12-10-IBM-Collaborates-with-AWS-on-Security-for-Hybrid-Cloud]]|IBM AWS| |>|>|>|''Acquisitions'' | |2020.12.09|Help Net Security|[[Sysnet acquires Viking Cloud to enhance its cloud security platform and boost market expansion|https://www.helpnetsecurity.com/2020/12/09/sysnet-global-solutions-viking-cloud/]]|Acquisition| * __Miscellaneous__ ** IAM: Cloud Identity and Access Management: Understanding the Chain of Accessps|https://securityintelligence.com/posts/how-to-transform-from-devops-to-devsecops/]]|DecSecOps| !!3 - Link |!⇒ [[CloudSecurityAlliance.fr/go/KCD/|https://CloudSecurityAlliance.fr/go/KCD/]] | <<tiddler [[arOund0C]]>> %/
!!Veille Hebdomadaire - 7 au 13 décembre 2020
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Attaques / Attacks'' |
|2020.12.09|//Cybereason//|[[New Malware Arsenal Abusing Cloud Platforms in Middle East Espionage Campaign|https://www.cybereason.com/blog/new-malware-arsenal-abusing-cloud-platforms-in-middle-east-espionage-campaign]]|Attack|
|>|>|>|''Incidents'' |
|2020.12.10|Silicon Angle|[[Cloud hosting provider Netgain struck by ransomware attack|https://siliconangle.com/2020/12/09/cloud-hosting-provider-netgain-struck-ransomware-attack/]]|Ransomware|
|>|>|>|''Pannes / Outages'' |
|2020.12.08|Last Week in AWS|[[The Google Disease Afflicting AWS|https://www.lastweekinaws.com/blog/the-google-disease-afflicting-aws/]]|AWS|
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|2020.12.08|Dark Reading|[[Attackers Know Microsoft 365 Better Than You Do|https://www.darkreading.com/cloud/attackers-know-microsoft-365-better-than-you-do/a/d-id/1339404]]|Risks O365|
|2020.12.10|//SecurityTrails//|[[5 AWS Misconfigurations That May Be Increasing Your Attack Surface|https://securitytrails.com/blog/aws-misconfigurations-increasing-attack-surface]]|AWS Misconfigurations|
|>|>|>|''Menaces / Threats'' |
|2020.12.13|//Tripwire//|[[Cloud Security: Messy Blobs and Leaky Buckets|https://www.tripwire.com/state-of-security/security-data-protection/cloud/cloud-security-messy-blobs-leaky-buckets/]]|Threats|
|2020.12.11|//Illumio//|[[How Zero Trust Allows Organisations to Address Each Step in the Cyber Kill Chain|https://www.illumio.com/blog/zero-trust-cyber-kill-chain]]Kill_Chain|
|2020.12.08|Karim El-Melhaoui|[[AWS Systems Manager Attack and defense strategies|https://blog.karims.cloud/2020/12/08/ssm-attack-and-defense-strategies.html]]|AWS Attack Defense|
|>|>|>|''Vulnérabilités / Vulnerabilities'' |
|2020.12.08|Bleeping Computer|[[All Kubernetes versions affected by unpatched MiTM vulnerability|https://www.bleepingcomputer.com/news/security/all-kubernetes-versions-affected-by-unpatched-mitm-vulnerability/]]|Vulnerability CVE-2020-8554|
|2020.12.09|//Stackrox//| ← [[CVE-2020-8554: Man in the Middle Vulnerability in Kubernetes - Top Recommendations|https://www.stackrox.com/post/2020/12/cve-2020-8554-man-in-the-middle-vulnerability-in-kubernetes-top-recommendations/]]|K8s CVE-2020-8554|
|2020.12.10|//Trimarc Security//|[[Kerberos Bronze Bit Attack (CVE-2020-17049) Scenarios to Potentially Compromise Active Directory|https://www.hub.trimarcsecurity.com/post/leveraging-the-kerberos-bronze-bit-attack-cve-2020-17049-scenarios-to-compromise-active-directory]]|CVE-2020-17049 Kerberos Active_Directory|
|2020.12.08|//NetSPI//| ← [[CVE-2020-17049: Kerberos Bronze Bit Attack – Overview|https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-overview/]]|CVE-2020-17049 Kerberos Active_Directory|
|2020.12.08|//NetSPI//| ← [[CVE-2020-17049: Kerberos Bronze Bit Attack – Practical Exploitation|https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-attack/]]|CVE-2020-17049 Kerberos Active_Directory|
|2020.12.08|//NetSPI//| ← [[CVE-2020-17049: Kerberos Bronze Bit Attack – Theory|https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-theory/]]|CVE-2020-17049 Kerberos Active_Directory|
|2020.12.08|//Duo Security//|[[Microsoft Teams Flaw Allowed Easy Remote Code Execution|https://duo.com/decipher/microsoft-teams-flaw-allowed-easy-remote-code-execution]]|Vulnerability Teams|
|>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection |
|>|>|>|''Bonnes pratiques / Best Practices'' |
|2020.12.11|Sebastiaan van Putten|[[Enhance your resiliency against attacks with the new cloud-native threat protection capabilities of Azure Defender for DNS|https://www.seb8iaan.com/enhance-your-resiliency-against-attacks-with-the-new-cloud-native-threat-protection-capabilities-of-azure-defender-for-dns/]]|Azure DNS|
|2020.12.12|Anton Chuvakin|[[Cloud Migration Security Woes|https://medium.com/anton-on-security/cloud-migration-security-woes-14d7301b9e3b]]|Migration|
|2020.12.10|Dark Reading|[[Google Shares Cloud Security Tips|https://www.darkreading.com/cloud/google-shares-cloud-security-tips/d/d-id/1339670]]|Best_Practices GCP Webcast|
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Rapports / Reports'' |
|2020.12.08|//Zscaler//|[[The 2020 State of Cloud (In)Security|https://www.zscaler.com/blogs/security-research/2020-state-cloud-insecurity]]|Report|
|>|>|>|''Publications'' |
|2020.12.08|//DivvyCloud//|[[A Practical Guide to Gartner’s Cloud Security Archetypes|https://divvycloud.com/cnapp/]]|Architecture Gartner|
|2020.12.07|MSSP Alert|[[Predictions 2021: Explosion in Adoption of Cloud-native Security Solutions|https://www.msspalert.com/cybersecurity-guests/predictions-2021-explosion-in-adoption-of-cloud-native-security-solutions/]]|Report|
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2020.12.09|Phil Rodrigues|![["Top Ten"? Security Updates from AWS re:Invent 2020|https://www.linkedin.com/pulse/top-ten-security-updates-from-aws-reinvent-2020-phil-rodrigues/]] |AWS Products|
|2020.12.08|//Amazon AWS//|[[How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced|https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/]]|AWS DNS DDOS|
|2020.12.08|//Javelynn//|[[Have you replaced IAM Users with AWS SSO yet?|https://www.javelynn.com/cloud/have-you-replaced-iam-users-with-aws-sso-yet/]]|AWS IAM SSO|
|2020.12.08|//Amazon AWS//|[[New - VPC Reachability Analyzer|https://aws.amazon.com/blogs/aws/new-vpc-insights-analyzes-reachability-and-visibility-in-vpcs/]]|AWS VPC|
|2020.12.08|//Amazon AWS//|[[Get started with fine-grained access control in Amazon Elasticsearch Service|https://aws.amazon.com/blogs/security/get-started-with-fine-grained-access-control-in-amazon-elasticsearch-service/]]|AWS Access_Controls|
|2020.12.08|//Amazon AWS//|[[AWS Audit Manager Simplifies Audit Preparation|https://aws.amazon.com/blogs/aws/aws-audit-manager-simplifies-audit-preparation/]]|AWS Audit_Manager|
|2020.12.07|//Amazon AWS//|[[Three common cloud encryption questions and their answers on AWS|https://aws.amazon.com/blogs/security/three-common-cloud-encryption-questions-and-their-answers-on-aws/]]|AWS Encyption|
|>|>|>|''Azure (Microsoft)'' |
|2020.12.09|//Mirosoft Azure//|[[Microsoft introduces steps to improve internet routing security|https://azure.microsoft.com/blog/microsoft-introduces-steps-to-improve-internet-routing-security/]]|Routing|
|2020.12.07|//Mirosoft Azure//|[[The broadest range of cloud innovation across US Government data classifications|https://azure.microsoft.com/en-us/blog/the-broadest-range-of-cloud-innovation-across-us-government-data-classifications/]]|Azure Government|
|2020.12.07|//Mirosoft Azure//|[[Microsoft launches Azure Government Top Secret cloud to handle classified data|https://www.zdnet.com/article/microsoft-launches-azure-government-top-secret-cloud-to-handle-classified-data/]]|Azure Government|
|2020.12.08|//Avanan//|[[Microsoft ATP: Millions of Emails Reveal ATP and EOP Offer Similar Protection|https://www.avanan.com/blog/microsoft-atp-millions-of-emails-reveal-atp-and-eop-offer-similar-protection]]|Azure_ATP Products|
|2020.12.07|SecureCloud Blog|[[Azure Sentinel & Log Analytics - Cross correlate between data on Azure Blob Storage and Log Analytics|https://securecloud.blog/2020/12/07/azure-sentinel-log-analytics-cross-correlate-between-data-on-azure-blob-storage-and-log-analytics/]]|Azure_Sentinel|
|>|>|>|''GCP (Google)'' |
|2020.12.13|Dawid Balut|![[Practical guide into GCP Security - entry/mid-level|https://dawidbalut.com/2020/12/12/practical-guide-into-gcp-security-entry-mid-level/]] ([[pdf|https://services.google.com/fh/files/misc/google-cloud-security-foundations-guide.pdf]]) |GCP|
|2020.12.11|//Google Cloud//|[[Run shell commands and orchestrate Compute Engine VMs with Cloud Workflows|https://medium.com/google-cloud/run-shell-commands-and-orchestrate-compute-engine-vms-with-cloud-workflows-e345e616a24]]|GCP Cloud_Workflows|
|2020.12.10|//Google Cloud//|[[What is zero trust identity security?|https://cloud.google.com/blog/topics/developers-practitioners/what-zero-trust-identity-security/]]|GCP Zero_Trust|
|2020.12.08|//Google Cloud//|[[How to Automate Governance Best Practices With Google Data Catalog and Terraform|https://medium.com/google-cloud/how-to-automatically-manage-your-iam-access-controls-with-google-data-catalog-and-terraform-5ea33adcbdd4]]|GCP IAM|
|>|>|>|''Oracle'' |
|2020.12.08|//Oracle Cloud//|[[Oracle Identity and Access Management: What's New, What's Next?|https://blogs.oracle.com/cloudsecurity/oracle-identity-and-access-management-new-and-next]]|IAM|
|>|>|>|''Kubernetes'' |
|2020.12.13|DZone|[[Securing a K3s Cluster|https://dzone.com/articles/securing-k3s-cluster]]|K8s Cluster|
|2020.12.10|//Conjur//|[[Securing Secrets in Kubernetes|https://www.conjur.org/blog/securing-secrets-in-kubernetes/]]|K8s Secrets_Management|
|2020.12.10|//Stackrox//|[[CKS Certification Study Guide: Cluster Setup in Kubernetes|https://www.stackrox.com/post/2020/12/cks-certification-study-guide-cluster-setup-in-kubernetes/]]|K8s CKS|
|2020.12.08|//Alcide//|[[New Kubernetes Vulnerability: CVE-2020-8554 Man in the Middle (MiTM) Attack Using Kubernetes Service Resources|https://blog.alcide.io/kubernetes-vulnerability-cve-2020-8554]]|CVE-2020-8554 Kubernetes|
|2020.12.07|//IT Next//|[[CKS Exam Series #1 Create Cluster & Security Best Practices|https://itnext.io/cks-exam-series-1-create-cluster-security-best-practices-50e35aaa67ae]]|CKS|
|>|>|>|''Containers'' |
|2020.12.07|//Alcide//|[[Container Image Scanning for Kubernetes Deployments|https://blog.alcide.io/alcide-image-scanning]]|Image Scanning|
|>|>|>|''Docker'' |
|2020.12.08|//SecureFlag//|[[Securing the Docker Ecosystem: Part 3: Strategies to Secure the Container Runtime|https://blog.secureflag.com/2020/12/08/securing-the-docker-ecosystem-part-3-the-container-runtime.html]] (3/3)|
|>|>|>|''Workloads'' |
|2020.12.11|//Intezer//|[[Cloud Workload Security: Part 3 - Explaining Azure's Security Features|https://www.intezer.com/blog/cloud-workload-security-part-3-explaining-azures-security-features/]] (3/5)|Workloads|
|>|>|>|''Outils / Tools'' |
|2020.12.12|Marco Lancini|[[Semgrep for Cloud Security|https://www.marcolancini.it/2020/blog-semgrep-for-cloud-security/]]|Tools|
||[[r2c|http://r2c.dev/]]|[[Semgrep, a lightweight static analysis for many languages|https://github.com/returntocorp/semgrep]]|Tools|
||[[r2c|http://r2c.dev/]]|[[Semgrep rules registry|https://github.com/returntocorp/semgrep-rules]]|Tools|
||[[r2c|http://r2c.dev/]]|[[Semgrep documentations|https://github.com/returntocorp/semgrep-docs]]|Tools|
|2020.12.09|//Digital Guardian//|[[50 Cloud-Based Security Selection Tips|https://digitalguardian.com/blog/50-cloud-based-security-selection-tips]]|Tools|
|2020.12.09|Kitploit|[[RESTler - The First Stateful REST API Fuzzing Tool For Automatically Testing Cloud Services Through Their REST APIs And Finding Security And Reliability Bugs In These Services|https://www.kitploit.com/2020/12/restler-first-stateful-rest-api-fuzzing.html]]|Tools|
|2020.12.11|The Daily Swig|[[O365 Squatting: Open source tool finds malicious cloud-hosted domains before they’re used in phishing campaigns|https://portswigger.net/daily-swig/o365-squatting-open-source-tool-finds-malicious-cloud-hosted-domains-before-theyre-used-in-phishing-campaigns]]|Tools O365|
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Podcasts'' |
|2020.12.08|SilverLining IL|[[Episode 30: The challenges of CISO in a security company|https://silverlining-il.castos.com/episodes/episode-30-the-challenges-of-ciso-in-a-security-company]]|Podcast|
|>|>|>|''Veilles / Newsletters'' |
|2020.12.13|Marco Lancini|[[The Cloud Security Reading List #67|https://cloudseclist.com/issues/issue-67/]] |Weekly_Newsletter|
|2020.12.09|TL;DR Security|[[#63 - OWASP, Fuzzing, and a New 'AWS Swiss Army Knife' Tool by Netflix|https://tldrsec.com/blog/tldr-sec-063/]] |Weekly_Newsletter|
|>|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|>|''Marché / Market'' |
|2020.12.11|//Shadline//[>img[iCSF/flag_fr.png]]|[[Le Clusif choisit Shadline pour faciliter les échanges de ses membres|https://www.shadline.com/le-clusif-choisit-shadline-pour-faciliter-les-echanges-de-ses-membres/]]|Tools Communications|
|2020.12.10|//IBM//|[[IBM Collaborates with AWS on Security for Hybrid Cloud|https://newsroom.ibm.com/2020-12-10-IBM-Collaborates-with-AWS-on-Security-for-Hybrid-Cloud]]|IBM AWS|
|>|>|>|''Acquisitions'' |
|2020.12.09|Help Net Security|[[Sysnet acquires Viking Cloud to enhance its cloud security platform and boost market expansion|https://www.helpnetsecurity.com/2020/12/09/sysnet-global-solutions-viking-cloud/]]|Acquisition|
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''CSPM'' |
|2020.12.11|//CipherCloud//|[[The Cloud, The Breach, and the increased role of CSPM|https://www.ciphercloud.com/the-cloud-the-breach-and-the-increased-role-of-cspm/]]|CSPM|
|>|>|>|''DNS'' |
|2020.12.07|//Akamai//|[[Distinguishing Among DNS Services Part 2: The Economics|https://blogs.akamai.com/2020/12/distinguishing-among-dns-services-part-2-the-economics.html]] {2/3}|!DNS|
|>|>|>|''IAM'' |
|2020.12.10|Dark Reading|[[Cloud Identity and Access Management: Understanding the Chain of Access|https://www.darkreading.com/cloud/cloud-identity-and-access-management-understanding-the-chain-of-access/a/d-id/1339463]]|IAM|
|>|>|>|''Protection des données / Data Privacy'' |
|2020.12.09|Acteurs Publics[>img[iCSF/flag_fr.png]]|[[Malgré la controverse, le Health Data Hub met ses premiers projets sur les rails|https://www.acteurspublics.fr/articles/malgre-la-controverse-le-health-data-hub-met-ses-premiers-projets-sur-les-rails]]|France Health_DataHub|
|>|>|>|''SASE'' |
|2020.12.13|//The Last Watchdog//|[[Guest Essay: Here's how Secure Access Service Edge — 'SASE' — can help, post Covid-19|https://www.lastwatchdog.com/guest-essay-heres-how-secure-access-service-edge-sase-can-help-post-covid-19/]]|SASE|
|2020.12.11|//Forcepoint//|[[Using SASE with Zero Trust to Simplify Access to Private Apps in AWS|https://www.forcepoint.com/blog/insights/simplify-access-aws-private-apps]]|SASE Zero_Trust|
|>|>|>|''SIEM'' |
|2020.12.09|Computer Weekly|[[How cloud-based SIEM tools benefit SOC teams|https://searchcloudsecurity.techtarget.com/tip/How-cloud-based-SIEM-tools-benefit-SOC-teams]]|SIEM|
|2020.12.07|MSSP Alert|[[Sumo Logic Cloud SIEM Demand Remains Strong|https://www.msspalert.com/cybersecurity-services-and-products/siem/sumo-logic-cloud-demand/]]|SIEM|
|>|>|>|''Zero Trust'' |
|2020.12.09|//Illumio//|[[Take Me to Your Domain Controller: How Attackers Discover and Understand Your Environment|https://www.illumio.com/blog/domain-controller-1]] (1/3)|Zero_Trust|
|>|>|>|''Autres / Others'' |
|2020.12.13|//Ermetic//|[[The Wild Ride of 2020 and its Impact on Cloud Security|https://securityboulevard.com/2020/12/the-wild-ride-of-2020-and-its-impact-on-cloud-security/]]|Trends|
|2020.12.11|//PivotPoint Security//|[[Where SaaS Firms Stumble on Cybersecurity|https://www.pivotpointsecurity.com/blog/where-saas-firms-stumble-on-cybersecurity/]]|SaaS|
|2020.12.09|//Radware//|[[Protecting Applications Across Multiple Clouds|https://blog.radware.com/security/applicationsecurity/2020/12/protecting-applications-across-multiple-clouds/]]|Multi_Cloud|
|2020.12.07|MSSP Alert|[[The 3 Trends Defining Ransomware in 2021|https://www.msspalert.com/cybersecurity-guests/the-3-trends-defining-ransomware-in-2021/]]|Trends Ransomware|
|2020.12.07|//Security Intelligence//|[[How to Transform From DevOps to DevSecOps|https://securityintelligence.com/posts/how-to-transform-from-devops-to-devsecops/]]|DecSecOps|
<<tiddler [[arOund0C]]>>
!"//Cloud-Based, Intelligent Ecosystems//"
[>img(200px,auto)[iCSA/KCAPC.png]]Publication du 10 décembre 2020 //
!!!Synthèse
<<<
//Release Date: 12/10/2020
Today's enterprise security world revolves around endless tools and ingestion of data points that often become confusing and unrealistic to decipher. It is difficult to gain a grasp how they impact business or the critical potential they hold in order to respond timely. The Cloud-Based, Intelligent Ecosystems paper aims towards executives in businesses whose focus is within securing their environment. The five sections presented within this paper address key areas in understanding the meaning of intelligence, the concept of how threat gathering works, securing a cloud-based, intelligent ecosystem, security business analytics, and lastly, areas of further research. 
To understand your specific threat intelligence model, one must first understand the tools currently within use, whether it be endpoint protection or other security sensors on the network. Companies must normalize and automate their internal tools to transform and extract actionable intelligence, while using external sources to reduce detection and response times. This is not a call for more tools, but rather how to use what you currently have at an optimal level. With the growing use of AI and Machine Learning, these technologies can expand the reach of tools and assist in the precision and accuracy of false positive data sets. 
Threat intelligence can be expanded over time when addressing IoT devices throughout enterprise, and how "sense, understand, act" can enhance and understand complexities within enterprise ecosystems. By also understanding other emerging technologies, such as blockchain, we can assume that the size of data will continue to move upwards. The important aspect here is capturing how to align threat intelligence to emerging technology so you do not get left behind.//
<<<
!!!Communiqué de presse
<<<
!!!!Cloud Security Alliance Releases Cloud-Based, Intelligent Ecosystems - Redefining Intelligence & Driving to Autonomous Security Operations
//Document calls out five unique security challenges that can lead to adversaries' success
SEATTLE - Dec. 10, 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released Cloud-Based, Intelligent Ecosystems - Redefining Intelligence & Driving to Autonomous Security Operations. The paper looks to address the disconnect within cybersecurity wherein increasing numbers of security solutions are only serving to make enterprises more vulnerable. In the document, the authors encourage security executives to break the endless cycle of iterative tool adoption, and, instead, move to data-centric security operations that drive integration and automation while simultaneously leveraging cloud-based fusion.
"We are in a cyber arms race that has precipitated a security tool-race with adversaries' evolving attacks forcing us to spend more to try to defend ourselves. Our default response is to adopt new tools to try to keep up, but we are losing this race as adversaries continue to outpace defenders," said Jim Reavis, co-founder and CEO, Cloud Security Alliance. "We are increasing operations and personnel costs but somehow decreasing security and efficiency. Our complex and costly operations are, in fact, increasing the probability of adversaries' success."

CSA took a step back to examine the problem holistically and identified a critical gap: the absence of a capability to easily leverage and fuse output from security tools and threat intelligence deployed. Over the course of the examination, at least five unique cybersecurity challenges surfaced:
* Security technology and adversaries are changing fast. Keeping pace with new and emerging problems has made it difficult to examine the situation as a whole and the underlying issues that develop into more pronounced threats.
* The vendor community has focused on a "single pane of glass" that visually represents event data. This good idea is limited by the fact that the wealth and diversity of event data are hard to represent, along with the pace of malicious activity. Moreover, buyers are reluctant to commit to a single pane, given the significant investment in training on major security products.
* The absence of a readily implementable exchange protocol and data-labeling ontology has slowed progress.
* Normalization and transformation of disparate data sets from security tools and intel sources have represented the "valley of death" for integration and automation until recently.
* A shift from a singular focus on software and products to secure systems to focusing on the data generated by security systems.

The paper unpacks "intelligence" and addresses the challenges of integrating data from internal security tools and external threat feeds and leverages lessons learned from the autonomous vehicle industry's "sense, understand, and act" methodology. The authors go on to propose secure, intelligent ecosystems to enrich data workflow and apply machine learning and address security business analytics and the importance of measuring business outcomes for boards of directors, chief information security officers, and security operators. Finally, the document proposes areas for further exploration and investigation.
"We, as security defenders need to act, but our success will be temporary until we break the cycle and place a new cornerstone for cyber defense — cloud-based, data-centric defense. It's time business leadership takes the initiative to break the cycle and defend their companies through data-centric, integration, and automation of their tools and overall architecture," said Paul Kurtz, Board of Directors, Cloud Security Alliance.//
<<<
!!!Liens
* Communiqué de presse ⇒ https://cloudsecurityalliance.org/press-releases/2020/12/10/cloud-security-alliance-releases-cloud-based-intelligent-ecosystems-redefining-intelligence-driving-to-autonomous-security-operations/
* Téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/cloud-based-intelligent-ecosystems/
* Document (PDF) ⇒ https://cloudsecurityalliance.org/download/artifacts/cloud-based-intelligent-ecosystems/
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #93|2020.12.06 - Newsletter Hebdomadaire #93]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #93|2020.12.06 - Weekly Newsletter - #93]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.12.06 - Newsletter Hebdomadaire #93]]>> |<<tiddler [[2020.12.06 - Weekly Newsletter - #93]]>> |
| La [[dernière Newsletter|Dernière Newsletter]] ''#<<tiddler [[LatestWeeklyNum]]>>'' est datée du ''<<tiddler [[LatestWeeklyFR]]>>'' | The [[latest Newsletter|Dernière Newsletter]] ''#<<tiddler [[LatestWeeklyNum]]>>'' is dated from ''<<tiddler [[LatestWeeklyEN]]>>'' |
|!• La newsletter #93 est en cours de rédaction 
• Date de publication estimée : __à partir du 06 décembre 2020__ | | [img(100px,auto)[iCSF/Work.gif]]
La Veille 'Web Cloud et Sécurité' en cours de rédaction est → [[ici|2020.12.06 - Veille Hebdomadaire - 06 décembre]] ← | /% |!⇒ [[CloudSecurityAlliance.fr/go/KC6/|https://CloudSecurityAlliance.fr/go/KC6/]] | <<tiddler [[arOund06]]>>%/
|!• Newsletter #93 is currently being written 
• Estimated release date: __after December 06th, 2020__ | | [img(100px,auto)[iCSF/Work.gif]]
The draft version of the 'Cloud and Security' News Watch is → [[here|2020.12.06 - Veille Hebdomadaire - 06 décembre]] ← | /%|!⇒ [[CloudSecurityAlliance.fr/go/KC§D§/|https://CloudSecurityAlliance.fr/go/KC§D§/]] | <<tiddler [[arOund06]]>>%/
!!Veille Hebdomadaire - 30 novembre au 6 décembre 2020
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Attaques / Attacks'' |
|>|>|>|''Incidents'' |
|>|>|>|''Fuites de données / Leaks'' |
|>|>|>|''Pannes / Outages'' |
|2020.11.30|CRN AU|[[AWS apologises for cloud outage from Amazon Kinesis|http://www.crn.com.au/news/aws-apologises-for-cloud-outage-from-amazon-kinesis-558398]]|Ourtage AWS|
|2020.11.30|The Register|[[AWS reveals it broke itself by exceeding OS thread limits, sysadmins weren't familiar with some workarounds|https://www.theregister.com/2020/11/30/aws_outage_explanation/]]|Outage AWS|
|2020.11.30|//Cloud Management Insider//|[[AWS Outage Resolved, All Operations Return to Normal|https://www.cloudmanagementinsider.com/aws-outage-resolved-all-operations-return-to-normal/]]|Outage AWS|
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|2020.12.04|//MalwareBytes Labs//|[[File-sharing and cloud storage sites: How safe are they?|https://blog.malwarebytes.com/how-tos-2/2020/12/file-sharing-and-cloud-storage-sites-how-safe-are-they/]]|File_Sharing Storage|
|2020.12.03|Dark Reading|![[Cloud Security Threats for 2021|https://www.darkreading.com/cloud/cloud-security-threats-for-2021/a/d-id/1339454]] |Risks Prospective|
|2020.12.02|Cybersecurity Insiders|[[4 Protocols That Eliminate the Security Risks of Cloud Migration|https://www.cybersecurity-insiders.com/4-protocols-that-eliminate-the-security-risks-of-cloud-migration/]]|Risks|
|>|>|>|''Menaces / Threats'' |
|2020.11.30|ZDnet|[[Docker malware is now common, so devs need to take Docker security seriously|https://www.zdnet.com/article/docker-malware-is-now-common-so-devs-need-to-take-docker-security-seriously/]]|Docker Malware|
|2020.12.02|//HashiCorp//|[[Shifting Threat Modeling Left: Automated Threat Modeling Using Terraform|https://www.hashicorp.com/resources/shifting-threat-modeling-left-automated-threat-modeling-using-terraform]]|Threat_Modeling|
|>|>|>|''Vulnérabilités / Vulnerabilities'' |
|2020.12.03|The New Stack|[[New containerd Security Hole Needs to Be Patched ASAP|https://thenewstack.io/new-containerd-security-hole-needs-to-be-patched-asap/]]|Containerd Flaw|
|2020.11.30|//NCC Group//|[[Technical Advisory Containerd: Containerd Shim API Exposed to Host Network Containers CVE-2020-15257|https://research.nccgroup.com/2020/11/30/technical-advisory-containerd-containerd-shim-api-exposed-to-host-network-containers-cve-2020-15257/]]|CVE-2020-15257|
|2020.12.03|Dark Reading| → [[Common Container Manager Is Vulnerable to Dangerous Exploit|https://www.darkreading.com/cloud/common-container-manager-is-vulnerable-to-dangerous-exploit/d/d-id/1339607]]|CVE-2020-15257|
|>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection |
|>|>|>|''Bonnes pratiques / Best Practices'' |
|2020.12.04|Marteen Goet|![[8 Easy Steps to Improve Your Security Posture in Azure|https://github.com/maartengoet/presentations/blob/master/2020_12_vacd_8_easy_steps_to_improve_your_security_posture_in_azure.pdf]] (pdf) |Best_Practices AWS|
|2020.12.04|//CyberArk Conjur//|[[Security Automation: Best Practices for Secrets Management in a Configuration-as-Code Environment|https://www.conjur.org/blog/security-automation-best-practices-for-secrets-management-in-a-configuration-as-code-environment/]]|Secrets_Management|
|2020.12.01|Container Journal|[[Kubernetes Best Practices in Production|https://containerjournal.com/topics/container-management/kubernetes-best-practices-in-production/]]|K8s|
|2020.12.03|DZone|[[AWS Cloud Monitoring: Best Practices and Top-Notch Tools|https://dzone.com/articles/aws-cloud-monitoring-best-practices-and-top-notch]]|AWS Best_Practices|
|>|>|>|''Protection'' |
|>|>|>|''Détection / Detection'' |
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Rapports / Reports'' |
|2020.12.01|//Prevasio//|[[Operation "Red Kangaroo": Industry's First Dynamic Analysis of 4M Public Docker Container Images|https://blog.prevasio.com/2020/12/operation-red-kangaroo-industrys-first.html]] ([[Rapport|https://prevasio.com/static/Red_Kangaroo.pdf]])|Report|
|2020.12.01|Dark Reading| → [[Malicious or Vulnerable Docker Images Widespread, Firm Says|https://www.darkreading.com/threat-intelligence/malicious-or-vulnerable-docker-images-widespread-firm-says/d/d-id/1339576]]|Report|
|2020.12.02|Dark Reading| → [[Analysis of 4 Million Docker Images Shows Half Have Critical Vulnerabilities|https://www.securityweek.com/analysis-4-million-docker-images-shows-half-have-critical-vulnerabilities]]|Report|
|2020.12.02|Security Week| → [[Analysis of 4 Million Docker Images Shows Half Have Critical Vulnerabilities|http://https://www.securityweek.com/analysis-4-million-docker-images-shows-half-have-critical-vulnerabilities]]|Report|
|2020.12.03|Container Journal| → [[Report: Docker Hub Container Vulnerabilities High|https://containerjournal.com/topics/container-security/report-docker-hub-container-vulnerabilities-high/]]|Report|
|>|>|>|''Sondages / Surveys'' |
|2020.11.30|Lexology|[[Global: 2020 Digital Transformation & Cloud Survey|https://www.lexology.com/library/detail.aspx?g=ed3660fe-fd39-447d-82f2-b8f649657b9c]]|Survey|
|>|>|>|''Études / Studies'' |
|>|>|>|''Publications'' |
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2020.12.02|Silicon[>img[iCSF/flag_fr.png]]|[[AWS re:Invent 2020 : les annonces à retenir|https://www.silicon.fr/aws-reinvent-2020-les-annonces-a-retenir-352627.html]]|AWS Conference|
|2020.12.03|Help Net Security|[[AWS releases four storage innovations to add storage performance, resiliency, and value to customers|https://www.helpnetsecurity.com/2020/12/03/aws-four-storage-innovations/]]|AWS Conference|
|2020.12.04|//Amazon AWS//|[[Enforce your AWS Network Firewall protections at scale with AWS Firewall Manager|https://aws.amazon.com/blogs/security/enforce-your-aws-network-firewall-protections-at-scale-with-aws-firewall-manager/]]|AWS_Firewall|
|2020.12.03|//Amazon AWS//|[[New – SaaS Lens in AWS Well-Architected Tool|https://aws.amazon.com/blogs/aws/new-saas-lens-in-aws-well-architected-tool/]]|AWS SaaS|
|2020.12.02|//Amazon AWS//|[[New - Amazon S3 Replication Adds Support for Multiple Destination Buckets|https://aws.amazon.com/blogs/aws/new-amazon-s3-replication-adds-support-for-multiple-destination-buckets/]]|AWS|
|2020.12.02|//Amazon AWS//|[[Techniques for writing least privilege IAM policies|https://aws.amazon.com/blogs/security/techniques-for-writing-least-privilege-iam-policies/]]|AWS IAM|
|2020.12.02|//Amazon AWS//|[[Amazon S3 Update – Strong Read-After-Write Consistency|https://aws.amazon.com/blogs/aws/amazon-s3-update-strong-read-after-write-consistency/]]|Integrity|
|2020.12.01|Security Week|[[Webinar Today: Advanced Tips for Securing Large AWS Environments|https://www.securityweek.com/webinar-today-advanced-tips-securing-large-aws-environments]]|Webcast AWS|
|2020.12.03|//Security Intelligence//|[[5 Ways to Accelerate Security Confidence for AWS Cloud|https://securityintelligence.com/posts/accelerate-security-confidence-aws-cloud/]]|AWS Confidence|
|2020.12.03|//Forcepoint//|[[Talking Cloud Security with Amazon Web Services|https://www.forcepoint.com/blog/insights/talking-cloud-security-with-aws]]|AWS|
|2020.12.03|//Cloudonaut//|[[How to configure SAML for AWS SSO?|https://cloudonaut.io/how-to-configure-saml-for-aws-sso/]]|AWS_SSO|
|2020.12.01|//Expel//|[[Evilginx-ing into the cloud: How we detected a red team attack in AWS|https://expel.io/blog/evilginx-into-cloud-detected-red-team-attack-in-aws/]]|Detection|
|>|>|>|''Azure (Microsoft)'' |
|2020.12.04|Daniel Neumann|[[Azure Reservations and the RBAC dilemma|https://www.danielstechblog.io/azure-reservations-and-the-rbac-dilemma/]]|Azure RBAC|
|2020.12.01|//Microoft Azure//|[[Azure AD Application Proxy now natively supports apps that use header-based authentication|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-ad-application-proxy-now-natively-supports-apps-that-use/ba-p/1751707]]|AzureAD|
|2020.11.30|Secure Cloud Blog|[[DynDNS endpoint on Azure Functions|https://securecloud.blog/2020/11/30/dyndns-endpoint-on-azure-functions/]]|Azure DNS|
|>|>|>|''GCP (Google)'' |
|2020.12.06|//Codeburst.io//|[[Google Kubernetes Engine Logging by Example|https://codeburst.io/google-kubernetes-engine-logging-by-example-df6946dcba6b]]|GKE Logging|
|2020.11.30|//Google Cloud//|[[Using Cloud Workflows to load Cloud Storage files into BigQuery|https://medium.com/google-cloud/using-cloud-workflows-to-load-cloud-storage-files-into-bigquery-54228d166a7d]]|GCP Cloud_Workflows|
|>|>|>|''Oracle'' |
|2020.12.03|//Oracle//|[[Security-First principles for Identity and Access Management|https://blogs.oracle.com/cloudsecurity/security-first-principles-for-identity-and-access-management]]|IAM|
|>|>|>|''Kubernetes'' |
|2020.12.06|CyberSecurity Indiders|[[How to secure a Kubernetes cluster|https://www.cybersecurity-insiders.com/how-to-secure-a-kubernetes-cluster-2/]]|K8s|
|2020.12.04|//DivvyCloud//|[[A Holistic Approach to Kubernetes Security and Compliance|https://divvycloud.com/a-holistic-approach-to-kubernetes-security-and-compliance/]]|K8s|
|2020.12.03|//Alcide//|![[Kubernetes Threat Vectors: Part 4 - Privilege Escalation|https://www.alcide.io/kubernetes-threat-vectors-part-4-privilege-escalation]] (4/11) |Kubernetes Threats|
|2020.12.03|//Snyk//|[[Kernel privilege escalation: how Kubernetes container isolation impacts privilege escalation attacks|https://snyk.io/blog/kernel-privilege-escalation/]]|K8s|
|2020.12.02|//AlienVault//|[[How to secure a Kubernetes cluster|https://feeds.feedblitz.com/~/639499898/0/alienvault-blogs~How-to-secure-a-Kubernetes-cluster]]|K8s Cluster|
|2020.11.30|Thomas Stringer|[[Find Which apiVersion to Use for Kubernetes Resources|https://trstringer.com/kubernetes-apiversion/]]|K8s APIs|
|>|>|>|''Docker'' |
|2020.12.06|Jatin Yadav|[[Harden Docker with CIS – (P2) Host configurations|https://blog.jtnydv.com/harden-docker-with-cis-p2-host-configurations/]]|Docker Hardening CIS|
|2020.11.29|Jatin Yadav|[[Harden Docker with CIS – (P1) Environment setup|https://blog.jtnydv.com/harden-docker-with-cis-p1-environment-setup/]]|Docker Hardening CIS|
|2020.11.30|ZDnet|[[Docker malware is now common, so devs need to take Docker security seriously|https://www.zdnet.com/article/docker-malware-is-now-common-so-devs-need-to-take-docker-security-seriously/]]|Docker Malware|
|2020.11.30|//SecureFlag//|[[Securing the Docker Ecosystem: Part 2: Strategies to Secure the Container Build|https://blog.secureflag.com/2020/11/30/securing-the-docker-ecosystem-part-2-the-container-build.html]] (2/3)|
|>|>|>|''Containers'' |
|>|>|>|''Workloads'' |
|>|>|>|''Outils / Tools'' |
|2020.11.30|Joosua Santasalo|[[azdyndns: Dyndns for a dime|https://github.com/jsa2/azdyndns]]|Tools Azure DNS|
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Conférences / Conferences'' |
|2020.11.30|//Amazon AWS//|[[re:Invent 2020 - Your guide to AWS Identity and Data Protection sessions|https://aws.amazon.com/blogs/security/reinvent-2020-your-guide-to-aws-identity-and-data-protection-sessions/]]|Conference AWS|
|>|>|>|''Podcasts'' |
|>|>|>|''Veilles / Newsletters'' |
|2020.12.06|Marco Lancini|[[The Cloud Security Reading List #66|https://cloudseclist.com/issues/issue-66/]] |Weekly_Newsletter|
|2020.12.03|TL;DR Security|[[#62 - Leaking IAM Users and Roles, AI|https://tldrsec.com/blog/tldr-sec-062/]] |Weekly_Newsletter|
|>|>|>|!Juridique, Réglementation, Conformité / Legal, Regulatory, Compliance |
|>|>|>|''Juridique / Legal'' |
|>|>|>|''Réglementation / Regulatory'' |
|>|>|>|''Conformité / Compliance'' |
|>|>|>||
|>|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|>|''Marché / Market'' |
|2020.11.30|CISO Mag.|[[Cloud Security Spending to Grow 250.3% in 2021: Gartner|https://cisomag.eccouncil.org/cloud-security-spending-2021/]]|Market|
|>|>|>|''Acquisitions'' |
|2020.12.04|CyberSecurity Insiders|[[Google acquires Actifio for Cloud Security|https://www.cybersecurity-insiders.com/google-acquires-actifio-for-cloud-security/]]|Acquisition|
|>|>|>||
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''DNS'' |
|2020.11.30|//Akamai//|[[Distinguishing Among DNS Services Part 1: The Platform|https://blogs.akamai.com/2020/11/distinguishing-among-dns-services-part-1-the-platform.html]] {1/3}|!DNS|
|>|>|>|''SASE'' |
|2020.12.04|Help Net Security|[[How to take SASE from a buzzword to a plan|https://www.helpnetsecurity.com/2020/12/04/sase-plan/]]|SASE|
|>|>|>|''Autres / Others'' |
|2020.12.06|CyberSecurity Indiders|[[How to Secure Your Apps with SaaS Security Posture Management (SSPM)|https://www.cybersecurity-insiders.com/how-to-secure-your-apps-with-saas-security-posture-management-sspm/]]|SaaS|
|2020.12.06|CyberSecurity Indiders|[[Cost-Effective Cloud Security for the Modern Enterprise: Part 3|https://www.cybersecurity-insiders.com/cost-effective-cloud-security-for-the-modern-enterprise-part-3/]]|Misc|
|2020.12.06|ZDnet[>img[iCSF/flag_fr.png]]|[[Microsoft lance un cloud sécurisé pour traiter les données du gouvernement américain|https://www.zdnet.fr/actualites/microsoft-lance-un-cloud-securise-pour-traiter-les-donnees-du-gouvernement-americain-39914467.htm]]|Azure Government|
|2020.12.04|DNS Mde Easy|[[How Cloud Outages Can Be Prevented|https://social.dnsmadeeasy.com/blog/how-cloud-outages-can-be-prevented/]]|Outages Prevention|
|2020.12.04|Dark Reading|[[Microsoft Cloud Security Exec Talks New Tech, WFH, Gamification|https://www.darkreading.com/cloud/microsoft-cloud-security-exec-talks-new-tech-wfh-gamification/d/d-id/1339621]]|Misc|
|2020.12.01|Christophe Parisel|![[Reengineering Multi-Cloud (part 1)|https://www.linkedin.com/pulse/reengineering-multi-cloud-part-1-christophe-parisel/]] (1/2)|
|>|>|>|''Autres / Others'' |
|2020.12.04|Help Net Security|[[The need for zero trust security a certainty for an uncertain 2021|https://www.helpnetsecurity.com/2020/12/29/need-for-zero-trust-security/]]|Zero_Trust|
|2020.12.04|//MalwareBytes Labs//|[[File-sharing and cloud storage sites: How safe are they?|https://blog.malwarebytes.com/how-tos-2/2020/12/file-sharing-and-cloud-storage-sites-how-safe-are-they/]]|Storage|
|2020.12.03|TechBeacon|[[Cloud security and analytics: 4 lessons for data security teams|https://techbeacon.com/security/cloud-security-analytics-4-lessons-data-security-teams]]|Misc|
|2020.12.03|Help Net Security|[[The challenges of keeping a strong cloud security posture|https://www.helpnetsecurity.com/2020/12/03/keeping-a-strong-cloud-security-posture/]]|CSPM|
|2020.12.03|Help Net Security|[[How to reduce the risk of third-party SaaS apps|https://www.helpnetsecurity.com/2020/12/03/reduce-risk-third-party-saas-apps/]]|Risks SaaS|
|2020.12.03|Help Net Security|[[Cloud-native benefits stifled by critical security and networking issues|https://www.helpnetsecurity.com/2020/12/03/cloud-native-apps/]]|Cloud_Native|
|2020.12.03|Dark Reading|[[Cloud Security Threats for 2021|https://www.darkreading.com/cloud/cloud-security-threats-for-2021/a/d-id/1339454]]|Threats|
|2020.12.03|//Sysdig//|[[Your team is running containers, but are they secure?|https://sysdig.com/blog/your-team-is-running-containers-but-are-they-secure/]]|Containers|
|2020.12.03|//Radware//|[[What Does a Unified Security Strategy in the Public Cloud Look Like?|https://blog.radware.com/uncategorized/2020/12/what-does-a-unified-security-strategy-in-the-public-cloud-look-like/]]|Strategy|
|2020.12.03|//Oracle Cloud//|[[Security-First principles for Identity and Access Management|https://blogs.oracle.com/cloudsecurity/security-first-principles-for-identity-and-access-management]]|IAM|
|2020.12.03|//Morphisec//|[[Busting Cloud Security Myths|https://blog.morphisec.com/busting-cloud-security-myths]]|Myths|
|2020.12.03|//Caylent//|[[Testing Your Code on Terraform: Terratest|https://caylent.com/testing-your-code-on-terraform-terratest]]|Testing|
|2020.12.02|The Daily Swig|[[Crypto-mining malware fiends exploit insecure Docker installations with botnet|https://portswigger.net/daily-swig/crypto-mining-malware-fiends-exploit-insecure-docker-installations-with-botnet]]|Docker Crypto_Mining|
|2020.12.02|Cybersecurity Insiders|[[4 Protocols That Eliminate the Security Risks of Cloud Migration|https://www.cybersecurity-insiders.com/4-protocols-that-eliminate-the-security-risks-of-cloud-migration/]]|Risks|
|2020.12.02|CloudTweaks|[[Episode 8: Managing Cloud Strategy During the Chaos of 2020, Plus an Outlook for 2021|https://cloudtweaks.com/2020/12/tech-strategy-during-chaos-2020/]] '[[mp3|https://podcasts.captivate.fm/media/21f22f83-6c8e-4538-a9ee-4525016712f6/cloudtweaks-episode-8-virtana.mp3]])|Podcast|
|2020.12.02|/Thousand Eyes|[[Ep. 30: Major AWS Outage Highlights Dependencies Within Cloud Providers|https://blog.thousandeyes.com/internet-report-episode-30/]] ([[Webcast|https://www.youtube.com/watch?v=iRSgOtRX_Ko]])|Podcast|
|2020.12.02|//Threatpost//|[[Microsoft Revamps 'Invasive' M365 Feature After Privacy Backlash|https://threatpost.com/microsoft-m365-privacy-backlash/161760/]]|M365 Privacy|
|2020.12.02|//Stackrox//|[[OpenShift image security and cluster maintenance best practices|https://www.stackrox.com/post/2020/12/openshift-image-security-and-cluster-maintenance-best-practices/]]|Image Best_Practices|
|2020.12.01|The Register|[['We've heard the feedback...' Microsoft 365 axes per-user productivity monitoring after privacy backlash|https://www.theregister.com/2020/12/01/productivity_score/]]|M365 Privacy|
|2020.12.01|Matt Soseman[[Security Config Assessments of AWS, GCP, Azure using MCAS!|https://mattsoseman.wordpress.com/2020/12/01/security-config-assessments-of-awsgcpazure-using-mcas/]]|Configuration|
|2020.12.01|CISO Mag.|[[We'll see more attacks that target cloud misconfiguration issues|https://cisomag.eccouncil.org/cloud-misconfiguration-issues/]]|Misconfiguration|
|2020.12.01|//Threatpost//|[[Misconfigured Docker Servers Under Attack by Xanthe Malware|https://threatpost.com/misconfigured-docker-servers-xanthe-malware/161732/]]|Docker Malware|
|2020.12.01|//Security Scorecard//|[[Tips for Vetting the Security of Cloud Service Providers|https://securityscorecard.com/blog/tips-vetting-security-cloud-service-providers]]|CSP|
|2020.12.01|//Google Cloud//|[[Monitor and secure your containers with new Container Threat Detection|https://cloud.google.com/blog/products/identity-security/container-threat-detection-is-ga/]]|Detection|
|2020.12.01|Kitploit|[[Terrascan - Detect Compliance And Security Violations Across Infrastructure As Code|https://www.kitploit.com/2020/12/terrascan-detect-compliance-and.html]]|Tools|
|2020.12.01|//BridgeCrew//|[[Building an IaC security and governance program step-by-step|https://bridgecrew.io/blog/building-iac-security-governance-program/]]|IaC|
|2020.11.30|//Digital Ocean//|[[How To Protect Sensitive Data in Terraform|https://www.digitalocean.com/community/tutorials/how-to-protect-sensitive-data-in-terraform]]|Protection|
|2020.11.30|CIO Dive|[[Businesses can avoid cloud provider downtime with redundancy — but at what cost?|https://www.ciodive.com/news/aws-outage-cloud-recovery-interoperability/589844/]]|Redndancy|
|2020.11.30|//AvePoint//|[[Top Microsoft 365 Tenant to Tenant Migration Considerations|https://www.avepoint.com/blog/migrate/microsoft-365-tenant-migration-considerations/]]|M365|
|2020.11.30|//Tenable//|[[Cloud Security: 3 Things InfoSec Leaders Need to Know About the Shared Responsibility Model|https://www.tenable.com/blog/cloud-security-3-things-infosec-leaders-need-to-know-about-the-shared-responsibility-model]]|Responsibility|
|2020.11.30|Silicon Angle|[[IBM Cloud gets quantum-resistant cryptography|https://siliconangle.com/2020/11/30/ibm-cloud-gets-quantum-resistant-cryptography/]]|Cryptography|
<<tiddler [[arOund0C]]>>
!"//CCSK Success Stories: From the Head Cybersecurity Architecture//"
[>img(150px,auto)[iCSA/K4QCCSK.png]]Article de blog publié le 3 décembre 2020
<<<
//This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog we'll be interviewing Lee Han Ther, Head, Cybersecurity Architecture & Strategy at Maxis.
Q: You currently work at Maxis as Head of Cybersecurity Architecture & Strategy. Can you tell us about what your job involves?
A: In my current capacity, I am responsible to drive security architecture, technology innovation and strategy. I help our teams design, deploy and operate solutions across our information technology , cloud and telecommunication network with appropriate security controls to meet business goals along with customer and regulatory requirements.

Q: Can you share with us some complexities in managing cloud computing projects?
A: Well it depends on the cloud service model. IaaS, PaaS, and SaaS have different levelslevel of complexities. Some complexities however are generic across all three, i.e. data residency, regulatory requirement and aligning service provider responsibilities with business needs.

Q: In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?

I would say the important financial aspect is to look at a cloud project's overall Total Cost of Ownership (TCO). In justifying cloud project spending, we need to forecast the total growth / decline of the project components over time due the date scalability and utility like billing, unlike traditional infrastructure.
Q: What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?
As part of a self-development plan for the year, I have already included in my goals to obtain a relevant cyber security certification. Why the Certificate of Cloud Security Knowledge (CCSK)? Well, that is the most relevant vendor neutral cloud security certification around. It has helped me build the right foundation and framework, looking at cloud security and controls in a holistic manner.

Q: How does CCM help communicate with customers?
The Cloud Control Matrix (CCM) clearly sets forth a comprehensive control framework based on various domains, service delivery models and architectural reference. Backed with references against various industry standards and best practice. It helps customers think about all the relevant controls and thereafter zoom into the specific technology for implementation.

Q: What's the value in a vendor-neutral certificate versus getting certified by a vendor like AWS? In what scenario are the different certificates important?
Both certifications have their respective unique value. Whilst a vendor-neutral cert is product/service or technology agnostic, it is important to lay out a clear cloud security framework, model and key concepts which can be applicable regardless of cloud service providers. On the other hand, a specific certificate issued by a specific CSP will assist in architecting, deploying or operating that specific cloud technology.

Q: Would you encourage your staff and/or colleagues to obtain the CCSK or other CSA qualifications? Why?
Yes, I would highly recommend it. CSA is a recognized body for cloud security. They have been continuously revising their knowledge base and research to meet the technology and market demands. Being CCSK certified demonstrates the professional has a broad grasp of relevant cloud technology and security models.

Q: What is the best advice you could give to IT professionals in order for them to scale new heights in their careers?
Continuously develop yourself and be relevant. As a security professional, to scale to new heights, we not only need to keep abreast with the latest technology, we also need to be aware of security trends, incidents, regulatory requirements, and the changing business landscape.//
<<<
__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/12/03/ccsk-success-stories-from-the-head-cybersecurity-architecture/ 
Voici la newsletter publiée par le CSA pour les Chapitres Européens, nord et sud américains. pour le mois de Décembre 2020.
<<<
|ssTablN0|k
|>| [img(auto,125px)[iCSA/KC1N1.png]] |
|>|Dear Chapters, |
|>|Thank you for participating in CSA's global community. We hope you enjoy this newsletter, created exclusively for our chapters.Feel free to share with your members.|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|[img(150px,auto)[iCSA/KC1N2.jpg]]|!Circle|
|~|ALL Chapters should have an active Chapter community on the Circle platform by January 1st, 2021.|
|~|https://cloudsecurityalliance.connectedcommunity.org/home 
If you do not have a CIRCLE community for your Chapter, please reach out to [[Carolina Ozan|mailto:cozan@cloudsecurityalliance.org]] or [[Todd Edison|tedison@cloudsecurityalliance.org]] to help get that created.| |>|[img(50%,1px)[iCSF/BluePixel.gif]]| | |!Chapter Profile| |~|Please make sure that you have completed the Chapter Profile questionnaire and returned that to CSA global. Chapter Profiles were due November 15th. If you have not yet completed your Chapter Profile, please complete and submit as soon as possible.| |~|!Annual Summary| |~|Please make sure that you have completed the Annual Summary and returned that to CSA global.| |~|Annual Summaries are due by December 15th. If you have not yet completed your Annual Summary, please complete and submit as soon as possible.| |>|[img(50%,1px)[iCSF/BluePixel.gif]]| |>|!Research Releases| | |• '[[The 2020 State of Identity Security in the Cloud|https://cloudsecurityalliance.org/artifacts/the-2020-state-of-identity-security-in-the-cloud/]]'| |~|• '[[Key Management when using Cloud Services|https://cloudsecurityalliance.org/artifacts/key-management-when-using-cloud-services/]]'| |~|• '[[Mitigating Hybrid Clouds Risks|https://cloudsecurityalliance.org/artifacts/mitigating-hybrid-clouds-risks/]]'| |>|[img(50%,1px)[iCSF/BluePixel.gif]]| |>|!Latest Cloudbytes Webinars| | |• '[[International Data Transfer: What does the ruling of the European Court of Justice on the Privacy Shield mean in practice?|https://www.brighttalk.com/webcast/10415/442488]]| |~|• '[[Public Cloud Database Security: Using Others' Mistakes to Stop Attacks|https://www.brighttalk.com/webcast/10415/443314]]| |~|• '[[The Rise and Importance of Digital Identity|https://www.brighttalk.com/webcast/10415/446620]]| |~|• '[[A Practical Guide to Securing Container, Docker Host, and Kubernetes Environment|https://www.brighttalk.com/webcast/10415/446354]]| |>|[img(50%,1px)[iCSF/BluePixel.gif]]| |>|!Other Research News| | |• Peer Review: '[[Critical Controls Implementation for Oracle E-Business Suite|https://cloudsecurityalliance.org/artifacts/critical-controls-implementation-for-oracle-e-business-suite/]]'| |~|• Peer Review: '[[Software-Defined Perimeter Zero Trust Charter|https://cloudsecurityalliance.org/artifacts/critical-controls-implementation-for-oracle-e-business-suite/]]'| |~|• Blog: '[[Cloud Network Security 101: Azure Virtual Network Service Endpoints|https://cloudsecurityalliance.org/blog/2020/11/12/cloud-network-security-101-azure-virtual-network-service-endpoints/]]'| |~|• Blog: '[[The Way You Protect Your Customers' Data Is Fundamentally Changing|https://cloudsecurityalliance.org/blog/2020/11/10/the-way-you-protect-your-customers-data-is-fundamentally-changing/]]'| |~|• Blog: '[[What is cloud security? How is it different from traditional on-premises network security|https://cloudsecurityalliance.org/blog/2020/11/09/what-is-cloud-security-how-is-it-different-from-traditional-on-premises-network-security/]]'| |~|If you have any questions around how to implement this research, you can ask our research analysts and working group members in our Circle Community [[here|https://circle.cloudsecurityalliance.org/communities/allcommunities?DisplayBy=3&OrderBy=0&CommunityTypeKey=314037a2-8690-4cd7-b3f6-596013ec15ca&FilterBy=]].| |>|[img(50%,1px)[iCSF/BluePixel.gif]]| |>|!Chapters Spotlight| |[img(150px,auto)[iCSA/KC1N3.jpg]]|!CSA Washington DC Metro Chapter| |~|Thank you to the CSA Washington DC Metro Chapter for their blog contribution titledSeven Steps to defining the art of the possible in DevOps. What in the world does DevOps mean?This article works to explain a proper definition of DevOps and includes project examples. Way to go, Washington DC Metro Chapter.| |[img(150px,auto)[iCSA/KC1N4.png]]|!CSA Israel Chapter| |~|The CSA Israel Chapter hosted the 10th Annual International Cybersecurity Conference titled Cyber Week. The event featured over 87 different speakers on various cybersecurity topics, including Mapping the Cyber Landscape - Diplomacy, Accountability and Capacity Building in Cyberspace, Analogue Humans in A Digital World, and Threat Modeling Healthcare. It also featured a CCSK Foundation Training workshop. Congratulations CSA Israel Chapter on a successful event.| |~|More Information| | |!Congratulations on gaining Legal Status| |~|The following Chapters have recently gained legal status in their respective countries. Congratulations on successfully becoming legal entities.| |~|• Central America, Ecuador, Minnesota| |>|[img(50%,1px)[iCSF/BluePixel.gif]]| |>|!Upcoming Events| |[img(150px,auto)[iCSA/KC1N5.jpg]]|!CSA & RSA FBI Virtual Minnesota Briefing - The state of the current cybersecurity landscape| |~|December 3, 2020, Virtual| |~|Discuss lessons learned through our unique perspectives of fighting cyber criminals. Hear the FBI's best Practices to enable an organization to successfully protect itself in an ever-more-dangerous environment. Review the FBI's case studies, threat actors, and how it partners with the private industries. Take a closer look at a hypothetical corporate data breach highlighting the compromise, the call to law enforcement, the investigative process and the desired result.| |~|More Information| |[img(150px,auto)[iCSA/KC1N6.jpg]]|!FBI Briefing:Current Threats and How to Mitigate| |~|December 9, 2020, Virtual| |~|Join the CSA Hartford, CT Chapterfor a 30 minute presentation followed by a 15 minute Q&A session with FBI Special Agent Dodd.| |~|Special Agent Dodd has been with the FBI for 17 years. He has worked in New York City and New Haven and specializes in counterintelligence and cyber criminal matters. He is Certified: Forensic Analyst, Incident Handler, Forensic Examiner, Reverse Engineering Malware, Network Forensic Analyst.| |~|More Information| |[img(150px,auto)[iCSA/KC1N7.jpg]]|!Who's in your cloud? - CSA & ISSA Minnesota Chapter Meeting| |~|December 15, 2020, Virtual| |~|When it comes to cloud operations, monitoring security and visibility are critical especially with the increase in staff working remotely. Join us on December 15th to learn about 'Cloud State Monitoring,' why it is important, and who needs to be aware of it.| |~|- Why Cloud is special?| |~|- Explanation of cloud APIs: Management / Control Plane vs Data Plane| |~|- What is Cloud State Monitoring?| |~|- Why is Cloud State Monitoring important?| |~|- Who needs awareness about Cloud State Monitoring and Use Cases?| |~|More Information| |[img(150px,auto)[iCSA/KC1N8.jpg]]|!Dealing with an Adolescent Cloud| |~|December 15, 2020, Virtual| |~|Would you like to learn how to secure the cloud? This webcast will go in depth on AWS's 7 secure design principles and walk you through a variety of open source tools that your organization can deploy to secure a cloud environment. For each principle we will demonstrate a Fundamental and Advanced approaches to transform any organization.| |~|More Information | |[img(150px,auto)[iCSA/KC1N8.jpg]]|!CloudBytes Connect| |~|February 2-4, 2021, Virtual| |~|CSA is excited to launchCloudBytes Connect, a multi-day virtual event program that brings the collaboration of research and community to the forefront. Leveraging CSA's research initiatives to educate the industry on key issues and trends faced in cloud security, CloudBytes Connect will introduce participants, free of charge, to their peers and prominent leaders in the cloud and cybersecurity industry.| |~|Over the course of three days, CSA will present a world-class program of speakers who will provide in-depth discussion and insight on specific topics each day. Keynote sessions will be presented from 9:00 am =E2=80=93 1:00 pm (PST) each morning.| |>|[img(50%,1px)[iCSF/BluePixel.gif]]| |>|Until next time...| |>|Sincerely,| |>|''Todd Edison -- Chapter Relations Manager, Cloud Security Alliance''| <<<
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202011>>
<<tiddler fAll2Tabs10 with: VeilleM","_202011>>
|!Date|!Sources|!Titres et Liens|!Keywords|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Novembre 2020]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202011>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Novembre 2020]]>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler fAll2LiTabs10 with: NewsL","202011>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Novembre 2020]]>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Novembre 2020]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Novembre 2020]]>><<tiddler fAll2LiTabs13end with: 'Actu","202011'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Novembre 2020]]>><<tiddler fAll2LiTabs13end with: 'Actu","202011'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Actu - Novembre 2020]]>>
<<tiddler fAll2LiTabs13end with: 'Blog","202011'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Novembre 2020]]>>
!Publications - Novembre 2020
<<tiddler fAll2LiTabs13end with: 'Publ","202011'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
!Publications - Octobre 2020
Publications de<<tiddler fAll2LiTabs13end with: 'Publ","202010'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Novembre 2020]]>>
!//Letting The Right One In: A Preamble to Device Trust//
[>img(150px,auto)[iCSA/KBQBL.jpg]]^^Article publié le 26 novembre 2020 sur le blog de la CSA, et le 31 août 2020 sur celui de Duo Security.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/26/letting-the-right-one-in-a-preamble-to-device-trust/
* Site Duo Security ⇒ https://duo.com/blog/letting-the-right-one-in-a-preamble-to-device-trust
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Cloud Network Security 101: Azure Private Link & Private Endpoints//
[>img(150px,auto)[iCSA/KBOBC.jpg]]^^Article publié le 24 novembre 2020 sur le blog de la CSA, et le 25 septembre 2020 sur le site de Fugue.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/24/cloud-network-security-101-azure-private-link-private-endpoints/
* Site Fugue ⇒ https://www.fugue.co/blog/cloud-network-security-101-azure-private-link-private-endpoints
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//3 Reasons Why You Need to Include a VRM Platform in 2021//
[>img(150px,auto)[iCSA/KBNB3.jpg]]^^Article publié le 23 novembre 2020 sur le blog de la CSA, et le 10 novembre 2020 sur le site de Whistic.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/23/3-reasons-why-you-need-to-include-a-vrm-platform-in-2021/
* Site Whistic ⇒ https://www.whistic.com/resources/three-reasons-why-you-need-to-include-a-vrm-platform
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//The Multi-Factor Factor (or How to Manage Authentication Risk)//
[>img(150px,auto)[iCSA/KBIBT.jpg]]^^Article publié le 18 novembre 2020 sur le blog de la CSA, et le 15 octobre 2020 sur celui de Duo Security.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/18/the-multi-factor-factor-or-how-to-manage-authentication-risk/
* Site Duo Security ⇒ https://duo.com/blog/the-multi-factor-factor-or-how-to-manage-authentication-risk
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//What is Cloud-Based Tokenization?//
[>img(150px,auto)[iCSA/KBHBW.jpg]]^^Article publié le 17 novembre 2020 sur le blog de la CSA, et le 9 octobre 2019 (//sic//) sur le site de TokenEx.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/17/what-is-cloud-based-tokenization/
* Site TokenEx ⇒ https://www.tokenex.com/blog/what-is-cloud-security
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Cloud Network Security 101: Azure Virtual Network Service Endpoints//
[>img(150px,auto)[iCSA/KBCBC.jpg]]^^Article publié le 12 novembre 2020 sur le blog de la CSA, et le 8 octobre 2020 sur le site de Fugue.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/12/cloud-network-security-101-azure-virtual-network-service-endpoints/
* Site Fugue ⇒ https://www.fugue.co/blog/cloud-network-security-101-azure-service-endpoints-vs.-private-endpoints
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//The Way You Protect Your Customers' Data Is Fundamentally Changing//
[>img(150px,auto)[iCSA/KBABT.png]]^^Article publié le 10 novembre 2020 sur le blog de la CSA, et le 27 octobre 2020 sur le site de Whistic.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/10/the-way-you-protect-your-customers-data-is-fundamentally-changing/
* Site Whistic ⇒ https://www.whistic.com/resources/the-way-you-protect-your-customers-data-is-changing
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//SaaS Security Series: Salesforce Guest User Log Analysis//
[>img(150px,auto)[iCSA/KB5BS.jpg]]^^Article publié le 5 novembre 2020 sur le blog de la CSA, et le 4 novembre 2020 sur le site de AppOmni.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/05/saas-security-series-salesforce-guest-user-log-analysis/
* Site AppOmni ⇒ https://appomni.com/blog-security-series-salesforce-guest-user-log-analysis/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//The 10 Best Practices in Cloud Data Security//
[>img(150px,auto)[iCSA/KB3BT.jpg]]^^Article publié le 3 novembre 2020 sur le blog de la CSA, et sur le site de TokenEx le 24 juillet 2020
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/03/the-10-best-practices-in-cloud-data-security/
* Site TokenEx ⇒ https://www.tokenex.com/blog/10-best-practices-in-cloud-data-security
^^[img(25%,1px)[iCSF/BluePixel.gif]]
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #92|2020.11.29 - Newsletter Hebdomadaire #92]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #92|2020.11.29 - Weekly Newsletter - #92]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.11.29 - Newsletter Hebdomadaire #92]]>> |<<tiddler [[2020.11.29 - Weekly Newsletter - #92]]>> |
| La [[dernière Newsletter|Dernière Newsletter]] ''#<<tiddler [[LatestWeeklyNum]]>>'' est datée du ''<<tiddler [[LatestWeeklyFR]]>>'' | The [[latest Newsletter|Dernière Newsletter]] ''#<<tiddler [[LatestWeeklyNum]]>>'' is dated from ''<<tiddler [[LatestWeeklyEN]]>>'' |
|!• La newsletter #92 est en cours de rédaction 
• Date de publication estimée : __à partir du 29 novembre 2020__ | | [img(100px,auto)[iCSF/Work.gif]]
La Veille 'Web Cloud et Sécurité' en cours de rédaction est → [[ici|2020.11.29 - Veille Hebdomadaire - 29 novembre]] ← | /%|!⇒ [[CloudSecurityAlliance.fr/go/KBT/|https://CloudSecurityAlliance.fr/go/KBT/]] | <<tiddler [[arOund0C]]>>%/
|!• Newsletter #92 is currently being written 
• Estimated release date: __after November 29th, 2020__ | | [img(100px,auto)[iCSF/Work.gif]]
The draft version of the 'Cloud and Security' News Watch is → [[here|2020.11.29 - Veille Hebdomadaire - 29 novembre]] ← | /%|!⇒ [[CloudSecurityAlliance.fr/go/KBT/|https://CloudSecurityAlliance.fr/go/KBT/]] | <<tiddler [[arOund0C]]>>%/
!!Veille Hebdomadaire - 23 au 29 novembre 2020
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|>|>|>||
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Attaques / Attacks'' |
|2020.11.27|Bleeping Computer|[[Office 365 phishing abuses Oracle and Amazon cloud services|https://www.bleepingcomputer.com/news/security/office-365-phishing-abuses-oracle-and-amazon-cloud-services/]]|O365 Phishing|
|>|>|>|''Incidents'' |
|>|>|>|''Fuites de données / Leaks'' |
|>|>|>|''Pannes / Outages'' |
|2020.11.25|//Catchpoint//|[[AWS Outage Ahead of Black Friday|https://blog.catchpoint.com/2020/11/25/aws-outage-ahead-of-black-friday/]]|Outage AWS|
|2020.11.25|Silicon Angle|[[Update: AWS fixes cloud outage that caused service disruptions across the web|https://siliconangle.com/2020/11/25/aws-cloud-outage-causing-service-disruptions-across-web/]]|Outage AWS|
|2020.11.25|The Register|[[AWS admits to 'severely impaired' services in US-EAST-1, can't even post updates to Service Health Dashboard|https://www.theregister.com/2020/11/25/aws_down/]]|Outage AWS|
|2020.11.25|GeekWire|[[Amazon Web Services outage affects Adobe, Roku, Twilio, Flickr, others|https://www.geekwire.com/2020/amazon-web-services-outage-affects-adobe-roku-twilio-flickr-others/]]|Outage AWS|
|2020.11.26|ZDnet| → [[AWS Outage Impacts Thousands of Online Services|https://www.zdnet.com/article/aws-outage-impacts-thousands-of-online-services/]]|Outage AWS|
|2020.11.26|ZDnet[>img[iCSF/flag_fr.png]]| → [[AWS : Une panne majeure met à terre une partie d'internet|https://www.zdnet.fr/actualites/aws-une-panne-majeure-met-a-terre-une-partie-d-internet-39913731.htm]]|Outage AWS|
|2020.11.26|DataCenter Mag[>img[iCSF/flag_fr.png]]| → [[AWS victime d'une panne sévère|https://datacenter-magazine.fr/aws-victime-dune-panne-severe/]]|Outage AWS|
|2020.11.26|CRN.au| → [[Amazon's cloud service sees widespread outage|http://www.crn.com.au/news/amazons-cloud-service-sees-widespread-outage-558288]]|Outage AWS|
|2020.11.26|//Cloud Management Insider//| → [[Amazon Web Services Experiences Outage, Major Customers Impacted|https://www.cloudmanagementinsider.com/amazon-web-services-experiences-outage-major-customers-impacted/]]|Outage AWS|
|2020.11.26|//DNS Made Easy//| → [[AWS Suffers Prolonged Outage Ahead of Thanksgiving Holiday|https://social.dnsmadeeasy.com/blog/aws-suffers-prolonged-outage-ahead-of-thanksgiving-holiday/]]|Outage AWS|
|>|>|>||
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|!2020.11.25|//Tripwire//|[[Emerging Public Cloud Security Challenges in 2020 and Beyond|https://www.tripwire.com/state-of-security/security-data-protection/cloud/emerging-public-cloud-security-challenges/]]|Risks Challenges|
|>|>|>|''Menaces / Threats'' |
|2020.11.27|//Mitiga//|[[Step 1: Phish Mitiga. Step 2: Get Your Phishing-as-a-Platform Dissected by Mitiga|https://medium.com/mitiga-io/step-1-phish-mitiga-step-2-get-your-phishing-as-a-platform-dissected-by-mitiga-80a7333f76ee]]|Phishing|
|2020.12.01|MSSP Alert| → [[Microsoft Office 365 Phishing Leverages Oracle, AWS Cloud Services|https://www.msspalert.com/cybersecurity-breaches-and-attacks/phishing/microsoft-office-365-phishing-leverages-oracle-aws-cloud-services/]]|Phishing|
|2020.11.25|//Avanan//|[[Microsoft Teams: Proof of Concept Malware Attack Found In Wild|https://www.avanan.com/blog/proof-of-concept-teams-malware-attack-found-in-wild]]|.|
|2020.11.25|Dark Reading|[[Do You Know Who's Lurking in Your Cloud Environment?|https://www.darkreading.com/cloud/do-you-know-whos-lurking-in-your-cloud-environment/d/d-id/1339544]]|.|
|>|>|>|''Vulnérabilités / Vulnerabilities'' |
|>|>|>||
|>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection |
|>|>|>|''Bonnes pratiques / Best Practices'' |
|2020.11.28|//Prevasio//|[[Intro to Kubernetes Security Best Practices|https://blog.prevasio.com/2020/11/intro-to-kubernetes-security-best.html]]|K8s|
|>|>|>|''Protection'' |
|>|>|>|''Détection / Detection'' |
|>|>|>||
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Rapports / Reports'' |
|2020.11.25|Container Journal|[[Analyst Report: Kubernetes K8s Data Protection|https://containerjournal.com/podcast/analyst-report-kubernetes-k8s-data-protection/]]|Report Kubernetes|
|>|>|>|''Sondages / Surveys'' |
|>|>|>|''Études / Studies'' |
|2020.11.24|Matt Soseman|[[TCO/ROI of Microsoft Cloud App Security (Forrester Study)|https://mattsoseman.wordpress.com/2020/11/24/tco-roi-of-microsoft-cloud-app-security-forrester-study/]]|Study|
|>|>|>|''Publications'' |
|2020.11.17|//Gartner//|[[Magic Quadrant for Access Management|https://www.gartner.com/reprints/?id=1-24F36V24&ct=201021&st=sb]]|AzureAD Gartner|
|>|>|>||
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2020.11.24|//Amazon AWS//|[[Amazon EventBridge adds Server-Side Encryption (SSE) and increases default quotas|https://aws.amazon.com/about-aws/whats-new/2020/11/amazon-eventbridge-adds-server-side-encryption-sse-and-increases-default-quotas/]]|AWS|
|2020.11.25|//Amazon AWS//|[[New - Attribute-Based Access Control with AWS Single Sign-On|https://aws.amazon.com/blogs/aws/new-attributes-based-access-control-with-aws-single-sign-on/]]|AWS SSO|
|2020.11.24|//Amazon AWS//|[[New - Multi-Factor Authentication with WebAuthn for AWS SSO|https://aws.amazon.com/blogs/aws/multi-factor-authentication-with-webauthn-for-aws-sso/]]|AWS SSO|
|2020.11.23|//Amazon AWS//|[[Zero Trust architectures: An AWS perspective|https://aws.amazon.com/blogs/security/zero-trust-architectures-an-aws-perspective/]]|AWS Zero_Trust|
|2020.11.23|//Amazon AWS//|[[AWS Security Hub integrates with AWS Organizations for simplified security posture management|https://aws.amazon.com/about-aws/whats-new/2020/11/aws-security-hub-integrates-with-aws-organizations-for-simplified-security-posture-management/]]|AWS_Security_Hub CSPM|
|2020.11.23|//Amazon AWS//|[[Code Signing, a Trust and Integrity Control for AWS Lambda|https://aws.amazon.com/blogs/aws/new-code-signing-a-trust-and-integrity-control-for-aws-lambda/]]|AWS|
|2020.11.20|//Amazon AWS//|[[Automatically update security groups for Amazon CloudFront IP ranges using AWS Lambda|https://aws.amazon.com/blogs/security/automatically-update-security-groups-for-amazon-cloudfront-ip-ranges-using-aws-lambda/]]|AWS|
|2020.11.19|//Amazon AWS//|[[Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources|https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/]]|AWS|
|2020.11.19|//Amazon AWS//|[[How to deploy the AWS Solution for Security Hub Automated Response and Remediation|https://aws.amazon.com/blogs/security/how-to-deploy-the-aws-solution-for-security-hub-automated-response-and-remediation/]]|AWS_Security_Hub Automation|
|2020.11.28|//Cloudonaut//|[[Unusual AWS Architectures|https://cloudonaut.io/unusual-aws-architectures/]]|AWS Architecture|
|2020.11.24|DZone|[[Exposed AWS Secret Access Key To GitHub Can Be a Costly Affair - A Personal Experience|http://feeds.dzone.com/link/16357/14107235/exposed-aws-secret-key-can-be-costly-affair]]||
|2020.11.23|DZone|[[AWS Well-Architected Framework in Serverless Part I: Security|https://dzone.com/articles/aws-well-architected-framework-in-serverless-part]]|AWS Serverless|
|>|>|>|''Azure (Microsoft)'' |
|2020.11.26|Thomas Maurer|[[How to Monitor an Azure virtual machine with Azure Monitor|https://www.thomasmaurer.ch/2020/11/how-to-monitor-an-azure-virtual-machine-with-azure-monitor/]]|Azure|
|2020.11.27|//AvePoint//|[[How to Secure and Recover Office 365 Data (Case Study)|https://www.avepoint.com/blog/backup/office-365-data-security-recovery/]]|O365 DRP|
|2020.11.25|Secure Cloud Blog|[[Defence in depth: Securing Azure App Service with Azure Front Door WAF, NodeJS runtime Security enhancements tested with OWASP ZAP|https://securecloud.blog/2020/11/25/defence-in-depth-securing-azure-app-service-with-azure-front-door-waf-nodejs-runtime-security-enhancements-tested-with-owasp-zap/]]|.|
|2020.11.24|Sami Lamppu|[[Microsoft 365 Defender vs Azure Sentinel - Which One To Use?|https://samilamppu.com/2020/11/24/microsoft-365-defender-vs-azure-sentinel-which-one-to-use/]]|M365_Defender Azue_Sentinel|
|2020.11.24|//Microsoft Azure//|[[Microsoft Azure Active Directory again a "Leader" in Gartner Magic Quadrant for Access Management|https://www.microsoft.com/security/blog/2020/11/24/microsoft-azure-active-directory-again-a-leader-in-gartner-magic-quadrant-for-access-management/]]|AzureAD Gartner|
|2020.11.24|//Black Hills//|[[Azure Security Basics: Log Analytics, Security Center, and Sentinel|https://www.blackhillsinfosec.com/azure-security-basics-log-analytics-security-center-and-sentinel/]]|Azure_Sentinel|
|>|>|>|''GCP (Google)'' |
|2020.11.24|Summit Route|![[Setting up personal G Suite backups on AWS|https://summitroute.com/blog/2020/11/24/setting_up_personal_gsuite_backups_on_aws/]] |Backup|
|2020.11.24|Summit Route| → outil [[backup_runner|https://github.com/SummitRoute/backup_runner]]|Tools|
|2020.11.24|//Google Cloud//|[[Serverless load balancing with Terraform: The hard way|https://cloud.google.com/blog/topics/developers-practitioners/serverless-load-balancing-terraform-hard-way]]|GCP|
|>|>|>|''Oracle'' |
|>|>|>|''Kubernetes'' |
|2020.11.28|//Prevasio//|[[Intro to Kubernetes Security Best Practices|https://blog.prevasio.com/2020/11/intro-to-kubernetes-security-best.html]]|Best_Practices|
|2020.11.26|//Caylent//|[[Understanding Kubernetes Operators|https://caylent.com/understanding-kubernetes-operators]]|K8s|
|2020.11.25|Container Journal|[[Analyst Report: Kubernetes K8s Data Protection|https://containerjournal.com/podcast/analyst-report-kubernetes-k8s-data-protection/]]|Report Kubernetes|
|>|>|>|''Docker'' |
|2020.11.26|ShellHacks|[[Docker: Remove All Images & Containers|https://www.shellhacks.com/docker-remove-all-images-containers/]]|Docker|
|2020.11.24|Security Week|[[Canonical Publishes Secure Container Application Images on Docker Hub|https://www.securityweek.com/canonical-publishes-secure-container-application-images-docker-hub]]|.|
|>|>|>|''Containers'' |
|2020.11.26|DZone|[[Getting Started With Container Registries|https://dzone.com/refcardz/getting-started-with-container-registries]]|Registries|
|2020.11.25|Container Journal|[[4 Security Risks Plaguing Container Development|https://containerjournal.com/topics/container-security/4-security-risks-plaguing-container-development/]]|Containers|
|2020.11.23|Container Journal|[[Containers Creating Major DevSecOps Challenge|https://containerjournal.com/topics/container-security/containers-creating-major-devsecops-challenge/]]|Containers|
|2020.11.23|//Exoscale//|[[Container-Optimized Instances|https://www.exoscale.com/syslog/container-optimized-instances/]]|Containers|
|2020.11.23|Rootless Containers|[[Rootless Containers|https://rootlesscontaine.rs/]]|Docker|
|>|>|>|''Workloads'' |
|>|>|>|''Outils / Tools'' |
|2020.11.28|KitPloit|[[Tracee - Container And System Event Tracing Using eBPF|https://www.kitploit.com/2020/11/tracee-container-and-system-event.html]]|Tools Containers|
|>|>|>||
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Conférences / Conferences'' |
|2020.11.25|//Divvy Cloud//|[[The Future of Cloud-Native Security is Here!|https://divvycloud.com/future-of-cloud-native-security/]]|Conference|
|>|>|>|''Podcasts'' |
|2020.11.29|Cloud Security Podcast|[[Risk Management in Cloud Security - Monica Verma|https://anchor.fm/cloudsecuritypodcast/episodes/RISK-MANAGEMENT-IN-CLOUD-SECURITY---MONICA-VERMA-en3pqe]]|Podcast|
|2020.11.25|SilverLining Podcast|![[Episode 29: Cloud Identity Governance - understanding challenges|https://silverlining-il.castos.com/episodes/episode-29-cloud-identity-governance-understanding-challenges]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/???????-????.mp3]]) |Podcast|
|>|>|>|''Veilles / Newsletters'' |
|2020.11.29|Marco Lancini|[[The Cloud Security Reading List #65|https://cloudseclist.com/issues/issue-65/]] |Weekly_Newsletter|
|>|>|>||
|>|>|>|!Juridique, Réglementation, Conformité / Legal, Regulatory, Compliance |
|>|>|>|''Juridique / Legal'' |
|>|>|>|''Réglementation / Regulatory'' |
|>|>|>|''Conformité / Compliance'' |
|2020.12.23|The Register|[[European recommendations following Schrems II Privacy Shield ruling cast doubt on cloud encryption practices|https://www.theregister.com/2020/11/23/european_recommendations_on_schrems_ii/]]|Privacy Europe|
|>|>|>||
|>|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|>|''Marché / Market'' |
|2020.11.26|Alain Bensoussan|[[Cloud souverain : un partenariat inédit entre Google et OVH|https://www.alain-bensoussan.com/avocats/marche-du-cloud-un-partenariat-inedit-entre-google-et-ovh/2020/11/26/]]|France Sovereignty|
|2020.11.27|Help Net Security|[[Worldwide cloud security market to reach $20.9 billion by 2027|https://www.helpnetsecurity.com/2020/11/26/worldwide-cloud-security-market-2027/]]|Market|
|2020.11.25|SC Magazine|[[Cloud security mapping startup Lightspin comes out of stealth|https://www.scmagazine.com/home/security-news/cloud-security/cloud-security-mapping-startup-lightspeed-comes-out-of-stealth-with-4m-in-seed-funding/]]|Misc|
|2020.11.25|//Cloud Management Insider//|[[CIA Goes Full Multi-Cloud as Google, AWS, Microsoft, Oracle, IBM Bag Multi-Billion Cloud Contract|https://www.cloudmanagementinsider.com/cia-goes-full-multi-cloud-as-google-aws-microsoft-oracle-ibm-bag-multi-billion-cloud-contract/]]|Government US|
|>|>|>|''Acquisitions'' |
|>|>|>||
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''APIs'' |
|2020.11.29|CISO Mag.|[[API targets are growing fast, therefore the need for API security|https://cisomag.eccouncil.org/api-targets-are-growing-fast-therefore-the-need-for-api-security/]]|APIs|
|>|>|>|!|
|2020.11.28|Security and Cloud 24/7|[[Confidential Computing and the Public Cloud|https://security-24-7.com/confidential-computing-and-the-public-cloud/]]|Confidential_Computing|
|2020.11.26|//Heimdal Security//|[[Cloud IAM and Cloud PAM Challenges Explained|https://heimdalsecurity.com/blog/cloud-iam-and-cloud-pam-challenges/]]|IAM|
|2020.11.28|Computer Weekly|[[IP surveillance: The storage it needs, on-premise and in the cloud|https://www.computerweekly.com/feature/IP-surveillance-The-storage-it-needs-on-premise-and-in-the-cloud]]|Storage|
|2020.11.25|Cloudberry Engineering|![[Foundations of a Multi-Cloud Security Strategy|https://cloudberry.engineering/article/multi-cloud-security-strategy-foundations/]] |Multi_Cloud|
|2020.11.25|Cyberwar Zone|[[How to get a €50 Dutch IaaS account for free|https://cyberwarzone.com/how-to-get-a-e50-dutch-iaas-account-for-free/]] ([[lien|https://www.nldatastore.nl/]])|Misc|
|2020.11.25|Dark Reading|[[Prevention Is Better Than the Cure When Securing Cloud-Native Deployments|https://www.darkreading.com/cloud/prevention-is-better-than-the-cure-when-securing-cloud-native-deployments-/a/d-id/1339361]]|.|
|2020.11.24|MSSP Alert|[[Sumo Logic Research: Multi-Cloud Security Findings|https://www.msspalert.com/cybersecurity-research/sumo-logic-study-multi-cloud-apps/]]|.|
|2020.11.24|Le MagIT[>img[iCSF/flag_fr.png]]|[[Cloud souverain : prêt à décoller, GAIA-X attire tous les regards|https://www.lemagit.fr/actualites/252492588/Cloud-souverain-pret-a-decoller-GAIA-X-attire-tous-les-regards]]|GAIA-X|
|2020.11.24|//Anchore//|[[The Open Sourcing of DevSecOps|https://anchore.com/blog/the-open-sourcing-of-devsecops/]]|DevSecOps|
|2020.11.24|Hold My Beer|[[Integrating Vault secrets into Jupyter notebooks for incident response and threat hunting|https://holdmybeersecurity.com/2020/11/24/integrating-vault-secrets-into-jupyter-notebooks-for-incident-response-and-threat-hunting/]]|Vault Defend|
|2020.11.23|//WeScale//[>img[iCSF/flag_fr.png]]|[[Le CloudRadar Cloud Native (deuxième partie) est disponible|https://blog.wescale.fr/2020/11/23/le-cloudradar-cloud-native-deuxieme-partie-est-disponible/]]|
|>|>|>|!|
|>|>|>||
|>|>|>|!|
|2020.11.26|Portail de l'IE[>img[iCSF/flag_fr.png]]|[[GAIA-X, un projet de cloud de moins en moins européen|https://portail-ie.fr/short/2510/gaia-x-un-projet-de-cloud-de-moins-en-moins-europeen]]|GAIA-X|
|2020.11.26|Le MagIT[>img[iCSF/flag_fr.png]]|[[https://www.lemagit.fr/actualites/252492797/Les-espaces-de-donnees-au-cur-de-GAIA-X]]|GAIA-X|
|2020.11.26|Journal du Net[>img[iCSF/flag_fr.png]]|[[5 conseils pour sécuriser ses données critiques dans un cloud public|https://www.journaldunet.com/web-tech/cloud/1495413-5-conseils-pour-securiser-ses-donnees-critiques-dans-un-cloud-public/]]|Misc|
|2020.11.26|45 Secondes[>img[iCSF/flag_fr.png]]|[[Un crash partiel des serveurs d'Amazon a empêché même les aspirateurs de fonctionner|https://45secondes.fr/un-crash-partiel-des-serveurs-damazon-a-empeche-meme-les-aspirateurs-de-fonctionner/]]|Outage AWS|
|2020.11.25|SilverLining IL|[[Episode 29: Cloud Identity Governance - understanding challenges|https://silverlining-il.castos.com/episodes/episode-29-cloud-identity-governance-understanding-challenges]]|Podcast|
|2020.11.23|//Illumio//|[[What to Do in a Cyber Incident: Technical Response|https://www.illumio.com/blog/cyber-incident-technical-response]]|Incident_Response|
<<tiddler [[arOund0C]]>>
!"//CSA Survey Finds Organizations are Shifting their Use of IAM Capabilities - The 2020 State of Identity Security in the Cloud//"
Article de blog publié le 25 novembre 2020
<<<
{{ss2col{[>img(200px,auto)[iCSA/KBPBC.png]]//The use of cloud services have continued to increase over the past decade. Particularly in the wake of the COVID-19 public health crisis, many enterprises' digital transformations are on an accelerated track to enable employees to work from home. CSA surveyed these organizations to better understand how cloud services are being used during this transition and how organizations are securing their operations over the next 12 months.
Below is a summary of the key findings found in this report.
!!!Key Finding 1 - Multi-cloud is being used by many organizations.
81% of respondents reported that their organizations are utilizing a multi-cloud strategy. However, further follow up demonstrated that companies rely heavily on one of public cloud providers over the others. The other providers tend to be used for more specialized workloads. There also isn't one cloud provider that is favored across the industry. The market share among the top providers has become more evenly spread. The use of public cloud platforms has allowed organizations to adapt to the remote workforce. The majority are using a multicloud approach increasing the complexity of security and visibility issues for many organizations. Organizations developing in these platforms are increasingly turning to agile techniques and technologies incorporating DevOps methodologies.

!!!Key Finding 2 - [>img(200px,auto)[iCSA/KBPB2.png]]Diversity of production workload types is expected to increase.
Respondents expect more diversity of production workload types. In addition to increased production with traditional virtual machines (59%), workloads using cloud-based services such as containers platforms (82%), serverless/ functions-as a-service (71%), and other cloud provider services (75%) are also expected.
The use of these technologies allow for increased portability, agility, and the embedding of security in code or "shifting security left." This shift of security within the DevOps production cycle ensures quality testing and that security is built in earlier in the development process. The growing remote workforce and utilization of cloud services and development technologies has created a complex environment requiring additional security tools or strategies for identity security

!!!Key Finding 3 - [>img(200px,auto)[iCSA/KBPB3.png]]Organizations are shifting their use of IAM capabilities over the next year.
On-premises or in the cloud, IAM methods such as MFA, federated identity, JIT, and advanced user privilege and access capabilities allow for more granular control and reduce security risks. Many of the organizations surveyed predict a rise in the use of these IAM techniques and will utilize a mix of cloud service provider capabilities as well as third-party vendors to meet those needs.

!!!Key Finding 4 Privilege and permission management rated as a top IAM security challenge for organizations for both humans and machines.
[<img(200px,auto)[iCSA/KBPB4.png]]Privilege and permission management was rated as high or extremely high priority for human identity (94%) and machines (77%).//}}}
<<<
!!!Liens
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/25/csa-survey-finds-organizations-are-shifting-their-use-of-iam-capabilities-the-2020-state-of-identity-security-in-the-cloud/
* Téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/the-2020-state-of-identity-security-in-the-cloud/
* Document (PDF) ⇒ https://cloudsecurityalliance.org/download/artifacts/the-2020-state-of-identity-security-in-the-cloud/ 
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #91|2020.11.22 - Newsletter Hebdomadaire #91]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #91|2020.11.22 - Weekly Newsletter - #91]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.11.22 - Newsletter Hebdomadaire #91]]>> |<<tiddler [[2020.11.22 - Weekly Newsletter - #91]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 16 au 22 novembre 2020
!!1 - Informations CSA - 16 au 22 novembre 2020

* Actu : CSA 'CloudBytes Connect: From the SOC to the Boardroom' in February 2021+++*[»]> <<tiddler [[2020.11.19 - Actu : Conférence CSA 'CloudBytes Connect: From the SOC to the Boardroom' en février 2021]]>>=== 
* Blog : 'Rent to Pwn the Blockchain - 51% Attacks Made Easy'+++*[»]> <<tiddler [[2020.11.20 - Blog : 'Rent to Pwn the Blockchain - 51% Attacks Made Easy']]>>=== 
* Blog : 'CCSK Success Stories: Common Pitfalls in Managing Outsourced Cloud Projects'+++*[»]> <<tiddler [[2020.11.19 - Blog : 'CCSK Success Stories: Common Pitfalls in Managing Outsourced Cloud Projects']]>>=== 
* Blog : 'Circle - The Most Vital Cybersecurity Community'+++*[»]> <<tiddler [[2020.11.16 - Blog : 'Circle - The Most Vital Cybersecurity Community']]>>=== 
* Publication : 'The 2020 State of Identity Security in the Cloud'+++*[»]> <<tiddler [[2020.11.19 - Publication : 'The 2020 State of Identity Security in the Cloud']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 90 liens|2020.11.22 - Veille Hebdomadaire - 22 novembre]])

* __''À lire''__
** RETEX sur des incidents sécurité AWS
** Mind Map pour des investigations AWS (//Expel//)

* __Attaques, Incidents, Fuites de données, Pannes__
** Attaques : Campagnes de phishing O365

* __Risques, Menaces, Vulnérabilités__
** Vulnérabilités : Fuite d'information liées à des API en environnement AWS APIs (//Palo Alto Networks//) • APIs non sécurisées (//Optiv//)

* __Bonnes Pratiques, Techniques de Détection__
** Bonnes pratiques : Azure AD Attack and Defense Playbook (Thomas Naunheim) • OpenShift Runtime Security (//StakRox//) • AKS Security Workbook (//Micosoft Azure//) 

* __Rapports, Sondages, Études, Publications__
** Rapports : : '2020 Ransomware Resiliency Report' (//Veritas//) • '2020 Cloud Migration Trends Report' (//amdocs//) • 'Cloud-driven Identities' (//Divvy Cloud//) • '2020 Cloud Security Report' (//Bitglass//) • '2020 Global State of the Channel Ransomware' (//Datto//)
** Sondages : CNCF
** Études : 'Cybercriminal Cloud of Logs' (//Trend Micro//)
** Publications : Livre Blanc 'Cloud Native Security' (CNCF)

* __Cloud Services Providers, Outils__
** AWS : lancement de 'AWS Network Firewall' • AWS IAM
** Azure : Comptes à privilèges dans M365 • 'Global Network Reliability'
** GCP : Sécurisation de la Supply Chain • Guide pour développeurs GKE
** Containers : 'Privileged Container Escape'
** Workloads : Fonctionnalités sécurité sur AWS (//Intezer//) • Protection de workload (//Carbon Black//)
** Outils: BloodHound 4.0 • IAMFinder (//Palo Alto Networks//) • Sécurité Zero Trust Network pour Kubernetes (//Sysdig//)

* __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences__
** Podcasts : 'Digital Risk Protection' • 'Government's Cloud Anxiety'
** Veilles : TL;DR Security #61 • The Cloud Security Reading List #64

* __Marché, Acquisitions__

* __Divers__
** GAIA-X • contrats Cloud en France • Glossaire
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/KBM/|https://CloudSecurityAlliance.fr/go/KBM/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - November 16th to 22nd, 2020
!!1 - CSA News and Updates - November 16th to 22nd, 2020

* News: CSA 'CloudBytes Connect: From the SOC to the Boardroom' in February 2021+++*[»]> <<tiddler [[2020.11.19 - Actu : Conférence CSA 'CloudBytes Connect: From the SOC to the Boardroom' en février 2021]]>>=== 
* Blog: 'Rent to Pwn the Blockchain - 51% Attacks Made Easy'+++*[»]> <<tiddler [[2020.11.20 - Blog : 'Rent to Pwn the Blockchain - 51% Attacks Made Easy']]>>=== 
* Blog: 'CCSK Success Stories: Common Pitfalls in Managing Outsourced Cloud Projects'+++*[»]> <<tiddler [[2020.11.19 - Blog : 'CCSK Success Stories: Common Pitfalls in Managing Outsourced Cloud Projects']]>>=== 
* Blog: 'Circle - The Most Vital Cybersecurity Community'+++*[»]> <<tiddler [[2020.11.16 - Blog : 'Circle - The Most Vital Cybersecurity Community']]>>=== 
* Publication: 'The 2020 State of Identity Security in the Cloud'+++*[»]> <<tiddler [[2020.11.19 - Publication : 'The 2020 State of Identity Security in the Cloud']]>>=== 
!!2 - Cloud and Security News Watch ([[over 90 links|2020.11.22 - Veille Hebdomadaire - 22 novembre]])

* __''Must read''__
** Learning from AWS (Customer) Security Incidents
** Mind Map for AWS Investigations (//Expel//)

* __Attacks, Incidents, Data Leaks, Outages__
** Attacks: O365 Phishing Campaign

* __Risks, Threats, Vulnerabilities__
** Vulnerabilities: Information Leakage in AWS Resource-Based Policy APIs (//Palo Alto Networks//) • Insecure APIs (//Optiv//)

* __Best Practices, and Detection__
** Best Practices: Azure AD Attack and Defense Playbook (Thomas Naunheim) • OpenShift Runtime Security (//StakRox//) • AKS Security Workbook (//Micosoft Azure//)

* __Reports, Surveys, Studies, Publications__
** Reports: '2020 Ransomware Resiliency Report' (//Veritas//) • '2020 Cloud Migration Trends Report' (//amdocs//) • 'Cloud-driven Identities' (//Divvy Cloud//) • '2020 Cloud Security Report' (//Bitglass//) • '2020 Global State of the Channel Ransomware' (//Datto//)
** Surveys: CNCF Survey
** Studies: 'Cybercriminal Cloud of Logs' (//Trend Micro//)
** Publications: 'Cloud Native Security' White Paper (CNCF)

* __Cloud Services Providers, Tools__
** AWS: Launch of 'AWS Network Firewall' • AWS IAM
** Azure: Priority Accounts in M365 • Global Network Reliability
** GCP: Securing the Container Supply Chain • Developer's Guide to GKE
** Containers: Privileged Container Escape
** Workloads: Security Features of AWS (//Intezer//) • Workload Protection (//Carbon Black//)
** Tools: BloodHound 4.0 • IAMFinder (//Palo Alto Networks//) • Zero Trust Network Security for Kubernetes (//Sysdig//)

* __Weekly 'Cloud and Security' Watch, Podcasts, Conferences__
** Podcasts: 'Digital Risk Protection' • 'Government's Cloud Anxiety'
** Newsletters: TL;DR Security #61 • The Cloud Security Reading List #64

* __Market, Acquisitions__

* __Miscellaneous__
** GAIA-X • Cloud Computing Contracts in France • Glossary
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/KBM/|https://CloudSecurityAlliance.fr/go/KBM/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 16 au 22 novembre 2020 
+++^*[Table des Matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|2020.11.17|//Expel//|![[Introducing a mind map for AWS investigations|https://expel.io/blog/mind-map-for-aws-investigations/]] |AWS Investigations|
|2020.11.17|//Expel//| → [[MITRE ATT&CK in Amazon Web Services (AWS): A defender's cheat sheet|https://info.expel.io/expel-mitre-attack-in-AWS-toolkit.html]] (téléchargement)|AWS Investigations|
|2020.11.17|//Expel//| → [[AWS mind map for investigations and incidents|https://info.expel.io/expel-mitre-attack-in-AWS-toolkit.html]] (téléchargement)|AWS Investigations|
|2020.11.17|//Expel//| → [[AWS mind map for investigations and incidents|https://mobile.twitter.com/jhencinski/status/1283810412950106112]] (annonce)|AWS Investigations|
|2020.11.14|Rami MCarthy|![[Learning from AWS (Customer) Security Incidents|https://speakerdeck.com/ramimac/learning-from-aws-customer-security-incidents]] |AWS Incidents|
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Attaques / Attacks'' |
|2020.11.17|Bleeping Computer|[[Office 365 phishing campaign detects sandboxes to evade detection|https://www.bleepingcomputer.com/news/security/office-365-phishing-campaign-detects-sandboxes-to-evade-detection/]]|O365 Phishing Evasion|
|2020.11.17|GBHackers on Security|[[New TroubleGrabber Malware Steals Credentials and System Information|https://gbhackers.com/troublegrabber-malware-attack/]]|Tools Attack|
|>|>|>|''Fuites de données / Leaks'' |
|2020.11.20|InfoSecurity Mag|[[Faith App Pray.com Exposes Millions Through Cloud Misconfig|https://www.infosecurity-magazine.com/news/faith-app-praycom-exposes-millions/]]|Data_Leak AWS_S3|
|2020.11.22|Silicon Angle| → [[Pray.com exposes millions of user records on unsecured cloud storage|https://siliconangle.com/2020/11/22/pray-com-exposes-millions-user-records-unsecured-cloud-storage/]]|Data_Leak AWS_S3|
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|2020.11.18|Infosecurity Mag.|[[The Value of a Compromised Cloud Account|https://www.infosecurity-magazine.com/blogs/value-compromised-cloud-account/]]|Accounts Economics|
|>|>|>|''Menaces / Threats'' |
|2020.07.17|//CipherCloud//|[[CipherCloud Chronicles #7: Spot Your Insider Threats|https://www.ciphercloud.com/ciphercloud-chronicles-7-spot-your-insider-threats/]]|Insider_Threats|
|>|>|>|''Vulnérabilités / Vulnerabilities'' |
|2020.11.17|//Palo Alto Networks//|![[Information Leakage in AWS Resource-Based Policy APIs|https://unit42.paloaltonetworks.com/aws-resource-based-policy-apis/]] |AWS IAM APIs leakage|
|2020.11.17|Silicon Angle| → [[Amazon Web Services APIs can allegedly be exploited to steal user data |https://siliconangle.com/2020/11/17/amazon-web-services-apis-can-allegedly-exploited-steal-user-data/]]|AWS IAM APIs leakage|
|2020.11.17|Dark Reading| → [[Nearly Two Dozen AWS APIs Are Vulnerable to Abuse|https://www.darkreading.com/cloud/nearly-two-dozen-aws-apis-are-vulnerable-to-abuse/d/d-id/1339471]]|AWS IAM APIs leakage|
|2020.11.18|Security Week| ← [[Researchers Find Tens of AWS APIs Leaking Sensitive Data|https://www.securityweek.com/researchers-find-tens-aws-apis-leaking-sensitive-data]]|AWS IAM APIs leakage|
|2020.11.16|//Optiv//|[[Insecure API Cloud Computing: The Causes and Solutions|https://www.optiv.com/explore-optiv-insights/blog/insecure-api-cloud-computing-causes-and-solutions]]`|APIs|
|2020.11.13|CompariTech|[[Security vulnerabilities found affecting more than 80,000 Western Digital My Cloud NAS devices. Update now!|https://www.comparitech.com/blog/information-security/security-vulnerabilities-80000-devices-update-now/]]|Flaw|
|>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection |
|>|>|>|''Bonnes pratiques / Best Practices'' |
|2020.11.19|Thomas Naunheim|![[Community Project: Azure AD Attack and Defense Playbook|https://www.cloud-architekt.net/aad-playbook-project/]] |AzureAD|
|2020.11.20|Sami Lamppu|[[Community Project: Azure AD Attack and Defense Playbook|https://samilamppu.com/2020/11/20/community-project-azure-ad-attack-and-defense-playbook/]] (1/2)|AzureAD|
|2020.11.16|//StakRox//|[[OpenShift Runtime Security Best Practices|https://www.stackrox.com/post/2020/11/openshift-runtime-security-best-practices/]] (3/5)|Openshift Best_Practices|
|2020.11.09|//Microsoft Azure//|[[New Azure Kubernetes Service (AKS) Security Workbook|https://techcommunity.microsoft.com/t5/azure-sentinel/new-azure-kubernetes-service-aks-security-workbook/ba-p/1867134]]|Azure_AKS|
|2020.11.19|ATT&CK CON|[[Building Detections For Cloud With Kql and ATT&CK|https://www.youtube.com/watch?v=dEORNlCS7xc]] (vidéo)|ATT&CK Conference|
|2020.11.19|ATT&CK CON|[[ATT&CKing The Cloud: Hopping Between The Matrice|https://www.youtube.com/watch?v=f1E6bquRxlA]] (vidéo)|ATT&CK Conference|
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Rapports / Reports'' |
|2020.11.18|//amdocs//|[[2020 Cloud Migration Trends Report|https://www.amdocs.com/cloud-migration-trends-2021]]|Report|
|2020.11.18|Solutions Review| → [[Amdocs: Security Is the Top Challenge for Cloud Adoption|https://solutionsreview.com/cloud-platforms/amdocs-security-is-the-top-challenge-for-cloud-adoption/]]|Report|
|2020.11.18|//Divvy Cloud//|[[ESG's Report on Cloud-driven Identities|https://divvycloud.com/esg-report/]]|Report|
|2020.11.17|//Veritas//|![[The Resiliency Gap Widens: Failure to Keep Pace with Complexity in Multi-Cloud Environments Leaves Businesses at Risk of Ransomware, Finds Veritas Survey|https://www.veritas.com/news-releases/2020-11-17-the-resiliency-gap-widens-failure-to-keep-pace-with-complexity-in-multi-cloud-environments-leaves-businesses-at-risk-of-ransomware-finds-veritas-survey]]|Report|
|2020.11.17|//Veritas//| ← Etude [[2020 Ransomware Resiliency Report|https://www.veritas.com/defy/ransomware]]|Report|
|2020.11.18|Dark Reading| → [[As Businesses Move to Multicloud Approach, Ransomware Follows|https://www.darkreading.com/cloud/as-businesses-move-to-multicloud-approach-ransomware-follows/d/d-id/1339475]]|Report|
|2020.11.18|Help Net Security| → [[Multi-cloud environments leaving businesses at risk|https://www.helpnetsecurity.com/2020/11/18/multi-cloud-environments-risk/]]|Report|
|2020.11.18|//Bitglass//|![[Bitglass' 2020 Cloud Security Report|https://www.bitglass.com/blog/bitglass-2020-cloud-security-report]]|Report|
|2020.11.18|BetaNews| ← [[Less than a third of organizations use cloud data leakage protection|https://betanews.com/2020/11/18/organizations-cloud-data-leakage-protection/]]|Report|
|2020.11.18|TechRepublic| ← [[How to improve the security of your public cloud|https://www.techrepublic.com/article/how-to-improve-the-security-of-your-public-cloud/]]|Report|
|2020.11.18|//Datto//|![[2020 Global State of the Channel Ransomware Report|https://www.datto.com/resources/dattos-2020-global-state-of-the-channel-ransomware-report]] |Report|
|2020.11.20|CyberSecurity Insiders| ← [[Ransomware attacks on one in four SaaS providers|https://www.cybersecurity-insiders.com/ransomware-attacks-on-one-in-four-saas-providers/]] |Report|
|>|>|>|''Sondages / Surveys'' |
|2020.11.18|//Bitglass//|![[Bitglass' 2020 Cloud Security Report|https://www.bitglass.com/blog/bitglass-2020-cloud-security-report]]|Report|
|2020.11.18|BetaNews| ← [[Less than a third of organizations use cloud data leakage protection|https://betanews.com/2020/11/18/organizations-cloud-data-leakage-protection/]]|Report|
|2020.11.18|TechRepublic| ← [[How to improve the security of your public cloud|https://www.techrepublic.com/article/how-to-improve-the-security-of-your-public-cloud/]]|Report|
|2020.11.17|Cloud Native Computing Foundation|![[Cloud Native Survey 2020: Containers in production jump 300% from our first survey|https://www.cncf.io/blog/2020/11/17/cloud-native-survey-2020-containers-in-production-jump-300-from-our-first-survey/]] |Survey CNCF|
|2020.11.17|Cloud Native Computing Foundation|[[CNCF Survey 2020|https://www.cncf.io/wp-content/uploads/2020/11/CNCF_Survey_Report_2020.pdf]] (pdf)|Survey CNCF|
|2020.11.16|Container Journal| ← [[CNCF Survey Finds Increased Dependency on Containers, Kubernetes|https://containerjournal.com/topics/container-ecosystems/cncf-survey-finds-increased-dependency-on-containers-kubernetes/]]|Survey CNCF|
|>|>|>|''Études / Studies'' |
|2020.11.16|//Trend Micro//|![[Cybercriminal Cloud of Logs|https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cybercriminal-cloud-of-logs-the-emerging-underground-business-of-selling-access-to-stolen-data]] |Report|
|2020.11.19|CyberSecurity Insiders| → [[Cloud operations are the latest target for ransomware groups|https://www.cybersecurity-insiders.com/cloud-operations-are-the-latest-target-for-ransomware-groups/]]|Report|
|>|>|>|''Publications'' |
|2020.11.17|Cloud Native Computing Foundation|![[Cloud Native Announcing the Cloud Native Security White Paper|https://www.cncf.io/blog/2020/11/18/announcing-the-cloud-native-security-white-paper/]] |Guidelines|
|2020.11.17|Cloud Native Computing Foundation| ← [[New Cloud Native Security Whitepaper|https://github.com/cncf/sig-security/blob/master/security-whitepaper/CNCF_cloud-native-security-whitepaper-Nov2020.pdf]]|Guidelines|
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2020.11.22|Bug Bounty Writeup|[[Amazon Web Services IAM Basics, The only guide you need!|https://medium.com/bugbountywriteup/amazon-web-services-iam-basics-the-only-guide-you-need-ad2697b6a38e]]|AWS IAM|
|2020.11.20|Pawel Rzepa|[[AWS access keys leak in GitHub repository and some improvements in Amazon reaction|https://rzepsky.medium.com/aws-access-keys-leak-in-github-repository-and-some-improvements-in-amazon-reaction-cc2e20e89003]]|AWS GitHub Leak|
|2020.11.20|Pawel Rzepa|[[It seems that AWS recently add those new improvements to the process of handling leaks like…|https://medium.com/@rzepsky/it-seems-that-aws-recently-add-those-new-improvements-to-the-process-of-handling-leaks-like-18a24bc609f5]]|AWS Leak|
|2020.11.20|//Amazon AWS//|[[Fairness in multi-tenant systems|https://aws.amazon.com/builders-library/fairness-in-multi-tenant-systems/]]|AWS Multi_Tenant|
|2020.11.20|//Amazon AWS//|[[How to deploy the AWS Solution for Security Hub Automated Response and Remediation|https://aws.amazon.com/blogs/security/how-to-deploy-the-aws-solution-for-security-hub-automated-response-and-remediation/]]|AWS_SecurityHub|
|2020.11.20|//Amazon AWS//|[[Automatically update security groups for Amazon CloudFront IP ranges using AWS Lambda|https://aws.amazon.com/blogs/security/automatically-update-security-groups-for-amazon-cloudfront-ip-ranges-using-aws-lambda/]]|AWS|
|2020.11.18|//Amazon AWS//|[[Announcement: Availability of AWS Recommendations for the management of AWS root account credentials|https://aws.amazon.com/blogs/security/announcement-availability-of-aws-recommendations-for-management-of-aws-root-account-credentials/]]|AWS Best_Practices|
|2020.11.17|//Amazon AWS//|![[AWS Network Firewall - New Managed Firewall Service in VPC|https://aws.amazon.com/blogs/aws/aws-network-firewall-new-managed-firewall-service-in-vpc/]] |AWS Firewall|
|2020.11.17|//Amazon AWS//| → [[AWS Network Firewall|https://aws.amazon.com/fr/network-firewall/]]|AWS Firewall|
|2020.11.18|//Amazon AWS//| → [[AWS Firewall Manager now supports centralized management of AWS Network Firewall|https://aws.amazon.com/about-aws/whats-new/2020/11/aws-firewall-manager-supports-centralized-management-aws-network-firewall/]]|AWS Firewall|
|2020.11.18|MSSP Alert| → [[AWS Launches Network Firewall Managed Security Service|https://www.msspalert.com/cybersecurity-services-and-products/network/aws-network-firewall-managed-security-service/]]|AWS Firewall|
|2020.11.18|Security Week| → [[AWS Network Firewall Now Generally Available|https://www.securityweek.com/aws-network-firewall-now-generally-available]]|AWS Firewall|
|2020.11.18|Silicon Angle| → [[AWS launches AWS Network Firewall to block cloud threats|https://siliconangle.com/2020/11/18/aws-launches-aws-network-firewall-block-cloud-threats/]]|AWS Firewall|
|2020.11.18|//Check Point Software//| → [[Enhancing Cloud Security Posture for AWS Network Firewall|https://blog.checkpoint.com/2020/11/17/enhancing-cloud-security-posture-for-aws-network-firewall/]]|AWS Firewall|
|2020.11.18|Help Net Security| → [[AWS Network Firewall: Network protection across all AWS workloads|https://www.helpnetsecurity.com/2020/11/18/aws-network-firewall-protection/]]|AWS Firewall|
|2020.11.18|The Register| → [[AWS includes open-source Suricata for stateful inspection with Network Firewall service|https://go.theregister.com/feed/www.theregister.com/2020/11/19/aws_adopts_open_source_suricata/]]|AWS Firewall|
|2020.11.20|SANS| → [[AWS Network Firewall: More Than Just Layer 4|https://www.sans.org/blog/aws-network-firewall-more-than-just-layer-4/]]|AWS Firewall|
|2020.11.17|//Amazon AWS//|[[Centrally manage AWS WAF (API v2) and AWS Managed Rules at scale with Firewall Manager|https://aws.amazon.com/blogs/security/centrally-manage-aws-waf-api-v2-and-aws-managed-rules-at-scale-with-firewall-manager/]]|AW WAF Firewall|
|2020.11.16|DZone|[[Pros and Cons of CloudWatch for Error Monitoring|https://dzone.com/articles/pros-and-cons-of-cloudwatch-for-error-monitoring]]|AWS_CloudWatch|
|2020.11.16|//Alcide//|[[Supercharging Kubernetes Threat Detection with Alcide and AWS Security Hub|https://blog.alcide.io/alcide-aws-security-hub]]|AWS_Security_Hub|
|2020.11.19|//Amazon AWS//|[[Simplifying cross-account access with Amazon EventBridge resource policies|https://aws.amazon.com/blogs/compute/simplifying-cross-account-access-with-amazon-eventbridge-resource-policies/]]|AWS Account_Access|
|2020.11.16|//Amazon AWS//|[[Announcing protection groups for AWS Shield Advanced|https://aws.amazon.com/about-aws/whats-new/2020/11/announcing-protection-groups-aws-shield-advanced/]]|AWS_Shield|
|2020.11.16|//Amazon AWS//|[[Investigate VPC flow with Amazon Detective|https://aws.amazon.com/blogs/security/investigate-vpc-flow-with-amazon-detective/]]|AWS|
|2020.11.10|//Amazon AWS//|[[New - Deep Dive with Security: AWS Identity and Access Management (IAM)|https://aws.amazon.com/about-aws/whats-new/2020/11/new-deep-dive-with-security-aws-identity-and-access-management-iam/]]|AWS IAM|
|>|>|>|''Azure (Microsoft)'' |
|2020.11.19|Thomas Naunheim|![[Community Project: Azure AD Attack and Defense Playbook|https://www.cloud-architekt.net/aad-playbook-project/]] |AzureAD|
|2020.11.21|//Microsoft Azure//|[[Baseline architecture for an Azure Kubernetes Service (AKS) cluster|https://docs.microsoft.com/en-gb/azure/architecture/reference-architectures/containers/aks/secure-baseline-aks]]|AKS|
|2020.11.18|//Microsoft Azure//|[[Using Priority Accounts in Microsoft 365|https://techcommunity.microsoft.com/t5/microsoft-365-blog/using-priority-accounts-in-microsoft-365/ba-p/1873314]]|M365 IAM|
|2020.11.19|Security Week| ← [[Microsoft Boosts Security of 365 Priority Accounts|https://www.securityweek.com/microsoft-boosts-security-365-priority-accounts]]|M365 IAM|
|2020.11.18|//Microsoft Azure//|[[Modernize secure access for your on-premises resources with Zero Trust|https://www.microsoft.com/security/blog/2020/11/19/modernize-secure-access-for-your-on-premises-resources-with-zero-trust/]]|Zero_Trust|
|2020.11.17|Thomas Maurer|[[Manage updates and patches for your Azure VMs|https://www.thomasmaurer.ch/2020/11/manage-updates-and-patches-for-your-azure-vms/]] ([[vidéo|https://youtu.be/OkNVCWXseRA]])|Azure Patch_Management|
|2020.11.17|Daniel Neumann|[[Troubleshooting Azure Kubernetes Service tunnel component issues|https://www.danielstechblog.io/troubleshooting-azure-kubernetes-service-tunnel-component-issues/]]|AWS Kubernetes|
|2020.11.16|//Microsoft Azure//|[[Advancing global network reliability through intelligent software - part 2 of 2|https://azure.microsoft.com/en-us/blog/advancing-global-network-reliability-through-intelligent-software-part-2-of-2/]] (2/2)|Azure Reliability|
|2020.11.16|//Microsoft Azure//|[[General availability: VPN over ExpressRoute private peering|https://azure.microsoft.com/en-us/updates/general-availability-vpn-over-expressroute-private-peering/]]|Azure Peering|
|2020.11.09|//Microsoft Azure//|[[Deploying and Managing Azure Sentinel - Ninja style|https://techcommunity.microsoft.com/t5/azure-sentinel/deploying-and-managing-azure-sentinel-ninja-style/ba-p/1858073]]|Azure_Sentinel|
|2020.11.09|//Microsoft Azure//|[[New Azure Kubernetes Service (AKS) Security Workbook|https://techcommunity.microsoft.com/t5/azure-sentinel/new-azure-kubernetes-service-aks-security-workbook/ba-p/1867134]]|Azure_AKS|
|>|>|>|''GCP (Google)'' |
|2020.11.18|//Google Cloud//|[[Introducing Voucher, a service to help secure the container supply chain|https://cloud.google.com/blog/products/devops-sre/introducing-voucher-service-help-secure-container-supply-chain]]|GCP Cotainer Supply_Chain|
|2020.11.17|//Google Cloud//|[[A developer's guide to Google Kubernetes Engine, or GKE|https://cloud.google.com/blog/products/containers-kubernetes/tips-and-tricks-for-developers-learning-to-work-with-gke]]|GCP GKE|
|2020.11.17|//ScleSec//|[[Announcing Project Lockdown - GCP Automated Remediation Suite|https://scalesec.com/news/announcing-project-lockdown/]] ([[GitHub|https://github.com/ScaleSec/project_lockdown]])|Tools GCP|
|>|>|>|''Kubernetes'' |
|2020.11.19|//Accurics//|[[Kubernetes Security Starts With Policy as Code|https://www.accurics.com/blog/security/kubernetes-security-starts-with-policy-as-code/]]|K8s|
|2020.11.18|Kubernetes|[[Blog: Cloud native security for your clusters|https://kubernetes.io/blog/2020/11/18/cloud-native-security-for-your-clusters/]]|K8s|
|2020.11.18|//Check Point Software//|[[Achieving K8 Security @ The Speed & Scale of DevOps|https://blog.checkpoint.com/2020/11/18/achieving-k8-security-the-speed-scale-of-devops/]]|K8s DevSecOps|
|2020.11.22|//CodeBurst//|[[Kubernetes Watches by Example|https://codeburst.io/kubernetes-watches-by-example-bc1edfb2f83]]|K8s|
|2020.11.17|//Sysdig//|[[Kubernetes-native network security with Sysdig|https://sysdig.com/blog/kubernetes-native-network-security/]]|K8s|
|2020.11.17|Help Net Security| → [[Sysdig launches zero trust network security for Kubernetes to cut miscrosegmentation time|https://www.helpnetsecurity.com/2020/11/18/sysdig-zero-trust-network-security-for-kubernetes/]]|K8s|
|2020.11.16|//CyberArk Conjur//|[[Cloud Native IAM EKS Secrets Management for Kubernetes|https://www.conjur.org/blog/cloud-native-iam-eks-secrets-management-for-kubernetes/]]|K8s|
|2020.11.15|antitree|[[Pod Security Policies Are Being Deprecated in Kubernetes|https://www.antitree.com/2020/11/pod-security-policies-are-being-deprecated-in-kubernetes/]]|K8s|
|2020.11.13|CapitalOne|[[How to Maintain Compliance - At the Speed of Kubernetes|https://www.capitalone.com/tech/open-source/compliance-at-the-speed-of-kubernetes/]]|Compliance Kubernetes|
|2020.11.13|//Cloudflare//|[[Automated Origin CA for Kubernetes|https://blog.cloudflare.com/automated-origin-ca-for-kubernetes/]]|K8s|
|>|>|>|''Containers'' |
|2020.11.19|Alex Chapman|[[Privileged Container Escape - Control Groups release_agent|https://ajxchapman.github.io/containers/2020/11/19/privileged-container-escape.html]]|Containers|
|>|>|>|''Docker'' |
|2020.11.19|//SecureFlag//|[[Securing the Docker Ecosystem: Part 1: Strategies to Secure the Docker Daemon|https://blog.secureflag.com/2020/11/19/securing-the-docker-ecosystem-part-1-the-docker-daemon.html]] (1/3)|
|>|>|>|''Workloads'' |
|2020.11.18|//Intezer//|![[Cloud Workload Security: Part 2 - Security Features of AWS|https://www.intezer.com/blog/cloud-workload-security-part-2-security-features-of-aws/]] (2/5)|Workloads AWS|
|2020.11.18|//Carbon Black//|[[Defining Cloud Workload Protection|https://www.carbonblack.com/blog/defining-cloud-workload-protection/]]|Workloads Protection|
|>|>|>|''Outils / Tools'' |
|2020.11.20|Help Net Security|[[Open Raven Cloud-Native Data Protection Platform: Automating security and privacy operations|https://www.helpnetsecurity.com/2020/11/20/open-raven-cloud-native-data-protection-platform/]]|Tools|
|2020.11.20|//SpecterOps//|![[Introducing BloodHound 4.0: The Azure Update|https://posts.specterops.io/introducing-bloodhound-4-0-the-azure-update-9b2b26c5e350]]|AzureAD Tools Audit|
|2020.11.19|//Palo Alto Networks//|[[IAMFinder: Open Source Tool to Identify Information Leaked from AWS IAM Reconnaissance|https://unit42.paloaltonetworks.com/iamfinder/]]|Tools AWS IAM|
|2020.11.19|//Palo Alto Networks//| ← [[IAMFinder|https://github.com/prisma-cloud/IAMFinder]]|Tools AWS IAM|
|2020.11.16|Security Report|[[4 free DevSecOps tools for staying on top of vulnerabilities|https://securityreport.com/4-free-devsecops-tools-for-staying-on-top-of-vulnerabilities/]]|DevSecOps|
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Podcasts'' |
|2020.11.22|Cloud Security Podcast|[[What Is Digital Risk Protection & Why Is It Important? - Sam Small, Zerofox|https://anchor.fm/cloudsecuritypodcast/episodes/WHAT-IS-DIGITAL-RISK-PROTECTION--WHY-IS-IT-IMPORTANT----Sam-Small--Zerofox-emquu5]]|Podcast|
|2020.11.17|NextGov|[[Critical Update: The Government's Cloud Anxiety|https://www.nextgov.com/podcasts/2020/11/critical-update-governments-cloud-anxiety/170099/]]|Podcast Risks|
|>|>|>|''Veilles / Newsletters'' |
|2020.11.22|Marco Lancini|[[The Cloud Security Reading List #64|https://cloudseclist.com/issues/issue-64/]] |Weekly_Newsletter|
|2020.11.19|TL;DR Security|[[#61 - Effective Security OKRs, Scaling Threat Modeling, Webscan|https://tldrsec.com/blog/tldr-sec-061/]] |Weekly_Newsletter|
|>|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|>|''Marché / Market'' |
|2020.11.21|Silicon Angle|[[Now that's multicloud: CIA awards multibillion-dollar contract to AWS, Microsoft, Google, Oracle and IBM|https://siliconangle.com/2020/11/20/now-thats-multicloud-cia-awards-multibillion-dollar-contract-aws-microsoft-google-oracle-ibm/]]|Government US|
|2020.11.18|Lexology|[[What is GAIA-X and What Do I Need To Know?|https://www.lexology.com/library/detail.aspx?g=6ba79c15-bd17-4377-a007-43a317244a7b]]|Gaia-X|
|2020.11.18|//Exoscale//|[[GAIA-X cloud initiative from Europe for Europe|https://www.exoscale.com/syslog/gaia-x/]]|GAIA-X|
|>|>|>|!Divers / Miscellaneous |
|2020.11.20|//Cipher Cloud//|[[2020 Vision: Adapting Security for Office 365 Collaboration|https://www.ciphercloud.com/2020-vision-adapting-security-for-office-365-collaboration/]]|O365|
|2020.11.20|//Capsule8//|[[Put Us In Coach - Cloud Security is a Team Sport|https://capsule8.com/blog/put-us-in-coach-cloud-security-is-a-team-sport/]]|Misc|
|2020.11.20|451 Research|[[Cloud Security is a Team Sport|https://clients.451research.com/reports/100726]]|Report|
|2020.11.19|CloudTweaks|[[Infrastructure-as-a-Service Security Responsibilities|https://cloudtweaks.com/2020/11/infrastructure-as-a-service-security/]]|Responsibilities|
|2020.11.19|InfoSec Write-Ups|[[Baseline Security Check II - Cloud Security Strategy|https://medium.com/bugbountywriteup/baseline-security-check-ii-a9da4f7634ae]]|Strategy|
|2020.11.18|CyberSecurity Insiders|[[How to Plan for Data Recovery|https://www.cybersecurity-insiders.com/how-to-plan-for-data-recovery/]]|Data_Recovery|
|2020.11.18|//Netskope//|[[SASE and the Forces Shaping Digital Transformation Part 3: Government and Industry Regulations, and Global Social and Economic Forces|https://www.netskope.com/blog/sase-and-the-forces-shaping-digital-transformation-part-3-government-and-industry-regulations-and-global-social-and-economic-forces]] (3/3)|SASE|
|2020.11.17|Lexology|[[At a glance: cloud computing contracts in France|https://www.lexology.com/library/detail.aspx?g=20052396-e6fe-4ba2-89f5-e1e0e3646072]]|Contracts|
|2020.11.17|//ThreatStack//|[[Establishing a 2021 Cloud Security Strategy|https://www.threatstack.com/blog/establishing-a-2021-cloud-security-strategy]]|Strategy|
|2020.11.17|//PivotPoint Security//|[[CSA's New IoT Security Controls Framework - How it Came About and Why it's so Effective|https://www.pivotpointsecurity.com/blog/csas-new-iot-security-controls-framework-how-it-came-about-and-why-its-so-effective/]]|CSA|
|2020.11.16|Help Net Security|[[How a move to the cloud can improve disaster recovery plans|https://www.helpnetsecurity.com/2020/11/16/improve-disaster-recovery-plans/]]|DRP|
|2020.11.16|//CloudCheckr//|[[Multi-Cloud Computing Glossary for AWS, Microsoft Azure, and Google Cloud|https://cloudcheckr.com/video/multi-cloud-computing-glossary-for-aws-microsoft-azure-and-google-cloud/]]|Glossary|
|2020.11.16|//HashiCorp//|[[A Vault Policy Masterclass|https://www.hashicorp.com/resources/a-vault-policy-masterclass]]|Vault Explain|
<<tiddler [[arOund0C]]>>
!"//Rent to Pwn the Blockchain - 51% Attacks Made Easy//"
Article publié le 20 novembre 2020 — Rédigé par Kurt Seifried, Chief Blockchain Officer, CSA//
<<<
|This article is not legal or investment advice. This article covers some aspects of 51% attacks (and 34% attacks and some other variations) in DeFi, and some potential solutions to prevent these attacks from succeeding. So where I say "51% Attack" I mean "all attacks where you get enough capacity/votes/whatever to hijack the consensus mechanism."|
[>img(175px,auto)[iCSA/KBKBR.png]]''Let's get the ugly truth out of the way first: 51% attacks against real world Blockchains and DLTs, especially in the crypto currency space, are not a hypothetical or a "someday maybe" attack, they are a here and now attack''. For example in August of 2020 we had the headline "Ethereum Classic Hit by Third 51% Attack in a Month"+++^*[»] https://www.coindesk.com/ethereum-classic-blockchain-subject-to-yet-another-51-attack === with total losses in the millions and at least one exchange made public comments about delisting Ethereum Classic.
!!!Let's split the 51% attack into two main problems.
* The first one is the 51% attack against a Blockchain/DLT that doesn't have sufficient network mining capacity and diversity to be resistant.
* The second is the 51% attack against a real Blockchain/DLT with lots of network mining capacity spread across a diverse group of miners, such as Bitcoin or Ethereum.
!!!Gaining 51% (or more) of a Blockahin or DLT can be easy if you're willing to target a smaller network.
[>img(600px,auto)[iCSA/KBKB1.png]]Much like lions and cheetahs will cut an injured gazelle out of the herd, attackers can pick and choose their targets. Below are some graphs (courtesy of https://coinmetrics.io/charts/), that in classical fashion is both hard to read, and has incomplete data, but please bear with me (hashrate-lastyear.png)
If you zoom in you'll note some things:
* This is a graph of hashrates for various crypto currencies over the last 12 months (as of Sept 2020) for a variety of crypto currencies.
* The scale is logarithmic, in other words the difference between the highest (XMR at the top) and the lowest hashrates (e.g. ETC, ZEC) is massive, on the order of millions to hundred of millions.
* The hash rates are pretty consistent, but you'll notice that XMR (Monero) has a big bump in 2019 due to the implementation of an ASIC resistant work function, something they do semi regularly to keep the protocol decentralized (more on this later).
* There are clearly some big healthy networks, and some smaller, sickly networks, which we know to be true thanks to publicly confirmed 51% attacks on them such as Ethereum Classic (ETC), if you check the market value they generally correlate to the hash rate (more hashing means more valuable).
!!!Given this, one obvious strategy for attackers is to attack weaker crypto currencies.
For example in April of 2020 the Bitcoin Cash (BCH) experienced a hash rate drop of 80% (because the mining reward was reduced), which means a 51% attack is now significantly easier. The long and short of it is for approximately $10,000 (USD), you could rent enough hashing power to conduct an attack. Whether or not the attacker could then conduct an attack that gains them more than $10,000 (USD) and actually launder the cash is another question.
!!A second strategy inline with attacking weak networks is to conduct an attack that helps weaken the network.
If an attacker can knock a major mining pool(s) offline for example, that would reduce network capacity, consequently making the attack more likely to succeed. This can be done through network routing attacks for example such as BGP hijacking of network routes, or DNS related attacks (in theory movie style plots such as killing power to a mining facility is possible, but highly unlikely). The good news here is that most crypto currencies have market forces that encourage miners to have reasonably reliable systems with low latency access to the crypto network in order to be more successful at mining blocks and earning rewards. As such these market forces generally encourage robust networks that are not easily attacked and knocked offline.
!!Some statistics on 51% Attacks
The following explanation is grossly simplified but generally applies to most blockchains using a Proof-of-Work (PoW) consensus system (most current crypto currencies fall into this category). The way most crypto currency blockchains work is simple: data is sent to a mempool, this data is pulled by miners who create blocks, add a nonce and then hash the block to get a specific result so it is a valid block, and repeat as needed until they get the result they need, or someone else mines a valid block and broadcasts it to prove that they won. Even if a valid block has been mined it is possible for someone to broadcast a longer set of blocks and "win," most networks take the longest chain of blocks as being the valid ones (of course many exceptions exist here, but this is broadly true).
The problem with generating this longer chain of blocks is simple: it requires a LOT of computing power to create a list of blocks longer than the current "real" set. In other words the attacker has to be able to mine blocks much faster than the network to stand a chance. The bad news (for attackers) is that there are generally no shortcuts. Most chains use strong hashing algorithms and select for outputs that require brute force mining, even with the ability to select what goes into blocks miners are stuck generating random nonces, trying them out and repeating until they find one that works. Rainbow tables and other kinds of pre-compute attacks do not generally work unless the crypto currency hashing system uses a weak hash.
Also generating a longer chain isn't enough, simply having the longer chain and hijacking consensus won't necessarily result in your attack succeeding. You still need to conduct a double spending or related attack, and move the crypto currency somewhere else, otherwise the attacker runs the risk of the network agreeing to hard fork the blockchain and essentially just ignore the attack, which has happened (the Ethereum DAO attack for example). So in general we're talking several dozen blocks at a minimum in order to convince external parties that things are ok and the transfer of crypto assets was finalized correctly.
!!!Conclusion
There's some simple facts about 51% attacks that people need to keep in mind: they are not theoretically possible, they are provably real and have happened. This is complicated by the fact however that the most successful crypto currency blockchains have a huge amount of hashing power and would be impossible to attack, right? Well the challenge is that mining is a profitable activity, and massive mining begets efficiency which makes it more efficient and more likely to generate returns. In fact we have already seen this happen several times, for example Nicehash rents out hash power and has grown enough that by simply renting hashing power from Nicehash attackers were able to 51% attack BTG (Bitcoin Gold), spending approximately $1,200 on rental fees in order to double spend approximately $72,000, a 5900% rate of return (minus the effort and expertise needed, but still, a significant rate of return). Will attackers go after the big game like Bitcoin and Ethereum? No. Will they hunt down and double spend on the smaller networks? Yes, they have, and they will continue to do so.
Link+++^*[»] https://news.bitcoin.com/bitcoin-gold-whale-allegedly-controls-half-the-btg-supply/ ===
<<<
//__Liens :__
* Article sur le site de la CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/20/rent-to-pwn-the-blockchain-51-attacks-made-easy/ 
!"//The 2020 State of Identity Security in the Cloud//"
[>img(200px,auto)[iCSA/KBJPT.png]]Publication du 19 novembre 2020 //
<<<
The use of cloud services have continued to increase over the past decade. Particularly in the wake of the COVID-19 public health crisis, many enterprises digital transformations are on an accelerated track to enable employees to work from home. CSA surveyed these organizations to better understand how cloud services are being used during this transition and how organizations are securing their operations over the next 12 months.
Goals of the study:
* Determine the use and challenges of public cloud workloads today and 1 year from now
* Understand cloud IAM challenges specifically human and machine identity challenges
* Establish the anticipated methods of addressing cloud IAM challenges
* Identify the teams and roles responsible for cloud IAM
<<<
//
!!!Liens
* Téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/the-2020-state-of-identity-security-in-the-cloud/
* Document (PDF) ⇒ https://cloudsecurityalliance.org/download/artifacts/the-2020-state-of-identity-security-in-the-cloud/
!"//Cloud Security Alliance Opens Registration for CloudBytes Connect: From the SOC to the Boardroom//"
[>img(600px,auto)[iCSA/L22CC.png]]Communiqué de presse publié le 19 novembre 2020.
//CSA is excited to launch CloudBytes Connect, a multi-day virtual event program that brings the collaboration of research and community to the forefront. Leveraging CSA's research initiatives to educate the industry on key issues and trends faced in cloud security, CloudBytes Connect will introduce participants, free of charge, to their peers and prominent leaders in the cloud and cybersecurity industry. 
Over the course of three days, CSA will present a world-class program of speakers who will provide in-depth discussion and insight on specific topics each day. Keynote sessions will be presented from 9:00 am - 1:00 pm (PST) each morning.//
<<<
//Attendees can earn up to seven CPE credits while learning about C-Level cloud priorities, current threats, and state-of-the-art best practices
SEATTLE - Nov. 19, 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that registration has opened for its upcoming CloudBytes Connect virtual symposium, ''From the SOC to the Boardroom''+++^*[»] https://web.cvent.com/event/0383a9e5-ab2a-4a39-871c-5767658425a2/summary?RefId=CSA-PR ===, taking place Feb. 2-4, 2021. This next symposium will address the most critical cloud priorities for CISOs, their CxO peers, and the Board of Directors. The event will also explore security threats, innovations, best practices, and the global cyber governance approaches needed to traverse and thrive in the new frontiers of cloud security with the industry's top security experts. Attendees of this free event will have the chance to earn up to seven CPE credits.
As organizations around the globe continue adapting to the changing economic impacts of COVID-19, security will remain a top priority for CISOs in 2021. CSA is honored to have Ann Johnson, Corporate Vice President of Security, Compliance, and Identity Business Development at Microsoft, as a featured keynote speaker. Johnson will provide her perspective on critical cloud issues facing C-Level executives.
"COVID-19 has exposed many organizations that failed to keep pace with modern technologies supporting digital transformation goals, which at its foundation is a secure, virtualized strategy based upon cloud. As companies play catch up, we are observing several challenges, ranging from degraded data security postures to fast-moving threats to defining appropriate executive engagement. To support this acceleration into a secure cloud-based enterprise, we have carefully curated a roster of leading experts to provide guidance across this broad set of challenges," said Jim Reavis, co-founder and CEO, Cloud Security Alliance.
"With 42 percent of organizations saying their workforce will continue to be remote even a year from now, future proofing your security posture leveraging the intelligent cloud will mean the difference between success and struggle," said Ann Johnson, Corporate Vice President, Security, Compliance, and Identity Business Development, Microsoft. "I'm excited to share the insights Microsoft has helped drive that lead to the success of a more secure cloud ecosystem at this virtual symposium."
Speakers will be available on Circle for follow-up discussions in the Inner Circle community group immediately after the session. Circle is a global community of CSA members and partners that facilitates the sharing of resources and discussion.
The full agenda will be released in the coming weeks.//
<<<
__Lien :__
* Communiqué de presse ⇒ https://cloudsecurityalliance.org/press-releases/2020/11/19/cloud-security-alliance-opens-registration-for-cloudbytes-connect-from-the-soc-to-the-boardroom/
* Inscription → https://web.cvent.com/event/0383a9e5-ab2a-4a39-871c-5767658425a2/summary?RefId=CSA-PR 
!"//CCSK Success Stories: Common Pitfalls in Managing Outsourced Cloud Projects//"
[>img(150px,auto)[iCSA/K4QCCSK.png]]Article de blog publié le 19 novembre 2020
<<<
//This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog we'll be interviewing Tay Keng, Solution Architect at PTC System Pte Ltd.
Q: You currently work at PTC System Pte Ltd, as a solution architect. Can you tell us a little bit about what your job involves?
A: My main job is to develop proposals for multi-vendor solutions in response to tender requirements. I am also responsible for presales activities concerning security products and do presentations for clients one-on-one at security conferences and security themed exhibitions.

Q: Can you share with us some complexities in managing cloud computing projects?
A: So far, I have been involved in cloud computing projects involving private on-premise cloud deployments using hyper-converged infrastructure from Cisco, Dell and VMware. The most complex portion of such projects is defining what goes into the self-service portal and implementing it into a dummy-proof user interface to provision their workloads.

Q: In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?
A: My recommendations are:
* Be absolutely clear about the Shared Responsibility of security when moving workloads to the cloud. The customer is still ultimately responsible for the security of their workloads - but it is different than when they were on-prem.
* Pay-as-you-go (PAYG) sounds great at its face value, but it can come back and bite you in the form of "bill shock" at the end of the month because of:
** Forgetting to shutdown idle VMs when not in use
** Oversizing VMs instead of right-sizing it using the right tools (like Turbonomic)
** Forgetting to count the costs of egress traffic volume in estimating cloud costs
** Not realizing that when you have a lot of workloads that do not change very much, you can save a lot more by using Reserved Instances instead of PAYG.
* Configure cloud resources like storage buckets like S3 using the least privilege principle.
* Must deploy MFA for the cloud management console access since it is the key to the "crown jewels" of your cloud resources.

Q: What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?
A: I was already studying for CISSP when I was offered CCSK training. So I jumped at the opportunity. Moreover, my company was supportive and offered to pay for the exam fee. The Data Security & Encryption module was the most relevant in my work because just at that same time, I was working on a tender that had extensive requirements for data security.

Q: What is the best advice you would give to IT professionals in order for them to scale new heights in their careers?
A: We must all realize that whatever certificate one obtains is just relevant for a fixed period of time since you know the technology is always evolving and changing. We should never stop learning, or we will become obsolete very fast.//
<<<
__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/11/19/ccsk-success-stories-common-pitfalls-in-managing-outsourced-cloud-projects/ 
!"//Circle - The Most Vital Cybersecurity Community//"
[>img(300px,auto)[iCSA/Orbert.png]]Article de blog publié le 16 novembre 2020 • Rédigé par Jaclyn Parton, Marketing Coordinator, CSA
<<<
//At CSA, building community is at the core of our mission. Since our beginning in 2009, CSA has been providing a forum through which diverse parties, such as CISOs, students, professors, and all of the cybersecurity professionals in between, from all over the world can work together to create and maintain a trusted cloud ecosystem. Circle came into being as a natural extension of that goal. Circle is CSA's online community forum platform where you can connect with peers and industry leaders. An online corner focused on security, free from the noise of other social platforms and free for anyone to use, anywhere around the world.

The platform has been a vision of CSA CEO Jim Reavis for quite some time. He says, "Cybersecurity is on the verge or a new epoch. Pervasive technology in new forms is coming at us in waves. 5G, AI, Quantum and the possibility of virtually every physical item having some sort of microprocessor will be challenging cybersecurity. Cloud, of course, is foundational to all of these innovations. The success of this new epoch of cybersecurity is going to be dependent upon the people who choose to be in this industry. This is why I am long on Circle. Cybersecurity professionals need to master new knowledge domains faster than ever and they need to share experiences more broadly than ever. At CSA we have established Circle to be the community platform for cybersecurity. We have a lot of work to do to make this platform equal to our aspirations and we are committed to continuing to invest in Circle, to make it easier to use, more relevant to your job, and to surface key insights as you need them. Your engagement is creating a cybersecurity network effect, which will be the catalyst to your success and ours. Let's make Circle the largest, most vital cybersecurity community in the world."

The need for an open cybersecurity community is more pertinent than ever since the surprising end of Peerlyst in late August. Since Circle's inception (early March 2019) we have seen continued growth in members and some amazing contributions to the discussion platform. From discussions around new research initiatives and pressing security issues, to light-hearted introductions, the Inner Circle community has become the place for all platform members to connect about anything on their minds. Sometimes the most unlikely posts see the most discussion. And if a community does not exist yet for a topic that you think should, you can create it by emailing CSA with your request.
!!What makes Circle unique from other online communities?
Circle is a user-owned space set up for collaboration, creativity and connection. As a vendor-neutral nonprofit organization, we believe that we have the power to bring folks together for the common good of the security community and we welcome you to join us in this mission.

Our research working groups use Circle as their virtual hub for collaborating on the documents you see published on our website. Any cybersecurity professional can be a part of the research on topics like Artificial intelligence, Top Threats to Cloud Computing, DevSecOps, Blockchain/DLT Framework, Internet of Things and so many more. Check out the full list here.

You can also use the platform to connect with a local CSA Chapter or if you are a CSA Corporate member you can be a part of CSA's corporate member communities. We even have a community around Design in Security, where people can discuss the intricacies and challenges of designing content for the cyber security industry. Look for your next job or share your company's available positions in the Job Board or continue your professional development by connecting with our training communities. The possibilities are really endless. And if you see an opportunity to enhance Circle, please reach out. We want this space to flourish and your ideas can make it better!
!!Meet Orbert, Your Guide to Circle
[>img(700px,auto)[iCSA/OrbertWelcome.jpg]]As you navigate through Circle you'll notice Orbert helping you through the platform. Orbert is our Alien friend and guide to all things Circle. The idea to create Orbert came from me, the behind-the-scenes Circle facilitator, and was brought to life by CSA Designer, AnnMarie Ulsky. Our hope is that Orbert will be able to help all security professionals navigate through the platform and provide support when it's needed.

|ssTablN0|k
|!Here's the origin story for how Orbert found the way to Circle!+++^*[»] https://www.youtube.com/watch?v=7K38AK8RAd8 ===|!<<tiddler [[RollKBG]]>>|
|There was a security breach on Obert's home planet, Crystal Ball Nebula (NGC 1514). Something sinister was stealing everyone's information. Orbert fought off the data-stealing monster but ended up being the lone survivor. After this attack, it became Orbert's mission to protect other planets from similar attacks. Orbert has traveled the galaxy helping planets in similar despair and during which, realized that the best way to defend against the attack of one's personal information is to form a community and work together to keep the world safe from cyber threats. From this idea Circle came into existence. Orbert guides users through the platform connecting people and facilitating conversation around any cybersecurity topic under the stars.|~|
We hope you'll connect with Orbert on Circle and tell us what you think of the Alien friend.
!!Join Circle now!
Now is your chance to join a global community that facilitates resources and security discussion within a diverse group of CSA partners. You can join in CSA's research initiatives, connect with a local chapter, ask authorized trainers about educational opportunities, stay up to date with your CSA member benefits, and build your thought leadership and reputation with innovative discussion posts. See you in there!
Need help creating an account? Read the Circle Getting Started Guide.+++^*[»] https://cloudsecurityalliance.org/artifacts/circle-getting-started-guide/ === 
Still not finding what you are looking for? Check out the Circle FAQ page+++^*[»] https://circle.cloudsecurityalliance.org/faqs/faq ===//
<<<
__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/11/16/circle-the-most-vital-cybersecurity-community/ 
<<QOTD RolledRollKBG 3000 noclick norandom>>
[img(300px,auto)[iCSA/Orbert9.png]]
----
[img(300px,auto)[iCSA/Orbert1.png]]
----
[img(300px,auto)[iCSA/Orbert2.png]]
----
[img(300px,auto)[iCSA/Orbert3.png]]
----
[img(300px,auto)[iCSA/Orbert4.png]]
----
[img(300px,auto)[iCSA/Orbert5.png]]
----
[img(300px,auto)[iCSA/Orbert6.png]]
----
[img(300px,auto)[iCSA/Orbert7.png]]
----
[img(300px,auto)[iCSA/Orbert8.png]]
----
[img(300px,auto)[iCSA/Orbert9.png]]
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #90|2020.11.15 - Newsletter Hebdomadaire #90]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #90|2020.11.15 - Weekly Newsletter - #90]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.11.15 - Newsletter Hebdomadaire #90]]>> |<<tiddler [[2020.11.15 - Weekly Newsletter - #90]]>> |
|>| La dernière Newsletter publiée est datée du ''<<tiddler [[LatestWeeklyFR]]>>'' et est accessible+++*[ici • Here] <<tiddler [[Dernière Newsletter]]>> === is where you can read the latest published Newsletter |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 9 au 15 novembre 2020
!!1 - Informations CSA 9 au 15 novembre 2020

* Actu : Conférence FIRST 2020 du 16 au 18 novembre 2020+++*[»]> <<tiddler [[2020.11.11 - Actu : Conférence FIRST 2020 du 16 au 18 novembre 2020]]>>=== 
* Publication : 'Key Management when using Cloud Services'+++*[»]> <<tiddler [[2020.11.09 - Publication : 'Key Management when using Cloud Services']]>>=== 
* Blog : 'Seven Steps to defining the art of the possible in DevOps'+++*[»]> <<tiddler [[2020.11.13 - Blog : 'Seven Steps to defining the art of the possible in DevOps']]>>=== 
* Blog : 'California Privacy Rights Act: What Are the Consequences for Cloud Users?'+++*[»]> <<tiddler [[2020.11.13 - Blog : 'California Privacy Rights Act: What Are the Consequences for Cloud Users?']]>>=== 
* Blog : 'What is cloud security? How is it different from traditional on-premises network security?'+++*[»]> <<tiddler [[2020.11.09 - Blog : 'What is cloud security? How is it different from traditional on-premises network security?']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 110 liens|2020.11.15 - Veille Hebdomadaire - 15 novembre]])

* __''À lire''__
** Panorama des services de chiffrement des fournisseurs+++^*[»] 
|2020.11.12|Le Mag IT[>img[iCSF/flag_fr.png]]|![[À la découverte des services de chiffrement des fournisseurs cloud|https://www.lemagit.fr/essentialguide/A-la-decouverte-des-services-de-chiffrement-des-fournisseurs-cloud]] |Encryption|
=== 
** Modèle de maturité Kubernetes (//Fairwinds//)+++^*[»] 
|2020.11.10|//Fairwinds//|![[Kubernetes Maturity Model|https://www.fairwinds.com/kubernetes-maturity-model]] |K8s Maturity|
|2020.11.10|//Fairwinds//| → [[Fairwinds Introduces Industry-First End-to-End Kubernetes Maturity Model|https://vmblog.com/archive/2020/11/10/fairwinds-introduces-industry-first-end-to-end-kubernetes-maturity-model.aspx]]|K8s Maturity|
=== 
** Principe de collecte de données cloud à distance (Forensics Focus)+++^*[»] 
|2020.11.10|Forensics Focus|![[Best Strategies For Remote Collections Of Computer, Mobile And Cloud Data|https://www.forensicfocus.com/webinars/best-strategies-for-remote-collections-of-computer-mobile-and-cloud-data/]] ([[vidéo|https://www.youtube.com/watch?v=I0rCGRQTWZg]]) |Forensics|
=== 

* __Attaques, Incidents, Fuites de données, Pannes__
** Attaques : Fausses notifications de correctifs Teams+++^*[»] 
|2020.11.09|Bleeping Computer|[[Fake Microsoft Teams updates lead to Cobalt Strike deployment|https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/]]|Teams Attacks|
=== 
** Fuites de données : Buckets AWS S3 encoreà l'origine d'une fuite massive de données+++^*[»] 
|2020.11.09|//Threatpost//|[[Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak|https://threatpost.com/millions-hotel-guests-worldwide-data-leak/161044/]]|Data_Leak|
|2020.11.06|Web Site Planet| ← ''[[Report: Hotel Reservation Platform Leaves Millions of People Exposed in Massive Data Breach|https://www.websiteplanet.com/blog/prestige-soft-breach-report/]]''|Data_Leak|
|2020.11.10|Graham Cluley| → [[Millions of hotel guests worldwide have their private details exposed|https://grahamcluley.com/hotel-software-data-breach/]]|Data_Leak|
|2020.11.10|Dark Reading| → [[Hotels.com & Expedia Provider Exposes Millions of Guests' Data|https://www.darkreading.com/cloud/hotelscom-and-expedia-provider-exposes-millions-of-guests-data/d/d-id/1339407]]|Data_Leak|
|2020.11.10|Computer Weekly| → [[Leaky AWS S3 bucket once again at centre of data breach|https://www.computerweekly.com/news/252491842/Leaky-AWS-S3-bucket-once-again-at-centre-of-data-breach]]|Data_Leak|
=== 
** Pannes : OneDrive affecté+++^*[»] 
|2020.11.11|Computer Weekly|[[Microsoft consumer cloud outage blights Outlook.com and OneDrive users|https://www.computerweekly.com/news/252491909/Microsoft-consumer-cloud-outage-blights-Outlookcom-and-OneDrive-users]]|Outage|
=== 

* __Risques, Menaces, Vulnérabilités__
** Risques : Identification des risques cachés (World Economic Forum)+++^*[»] 
|2020.11.12|World Economic Forum|![[5 questions your business must answer to understand the hidden risks in the cloud|https://www.weforum.org/agenda/2020/11/business-risks-cloud-computing/]] |Risks|
=== 
** Menaces : prévention contre l'exposition de données avec AWS (SANS) • Cloud-jacking • Muhstik, botnet IoT qui vise les serveurs Cloud+++^*[»] 
|2020.11.12|SANS ISC Handler|![[Preventing Exposed Azure Blob Storage|https://isc.sans.edu/forums/diary/Preventing+Exposed+Azure+Blob+Storage/26786/]]|Azure Prevention|
|2020.11.12|SANS ISC Handler|![[Exposed Blob Storage in Azure|https://isc.sans.edu/forums/diary/Exposed+Blob+Storage+in+Azure/26784/]]|Azure Prevention|
|>|>|>|!|
|2020.11.10|//Webroot//|[[Getting to Know Cloudjacking and Cloud Mining Could Save Your Business|https://www.webroot.com/blog/2020/11/10/getting-to-know-cloudjacking-and-cloud-mining-could-save-your-business/]]|Attacks|
|2020.11.10|//TechGenix//|[[Cloud-jacking: An evolving and dangerous cybersecurity threat|http://techgenix.com/cloud-jacking/]]|Threats|
|>|>|>|!|
|2020.11.10|//Lacework//|[[Meet Muhstik - IoT Botnet Infecting Cloud Servers|https://www.lacework.com/meet-muhstik-iot-botnet-infecting-cloud-servers/]]|Botnet Attacks|
|2020.11.11|Bleeping Computer| → [[Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal|https://www.bleepingcomputer.com/news/security/chinese-linked-muhstik-botnet-targets-oracle-weblogic-drupal/]]|Botnet Attacks|
=== 
** Vulnérabilités : VoltPillager contre les enclaves Intel SGX+++^*[»] 
|2020.11.11|Zitai Chen|[[VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface|https://zt-chen.github.io/voltpillager/]] ([[pdf|https://www.usenix.org/system/files/sec21summer_chen-zitai.pdf]])|SGX Attacks|
|2020.11.14|The Register| → [[Stick a fork in SGX, it's done: Intel's cloud-server security defeated by $30 chip and electrical shenanigans|https://www.theregister.com/2020/11/14/intel_sgx_protection_broken/]]|SGX Attacks|
|2020.11.16|Security Week| → [[VoltPillager: New Hardware-Based Voltage Manipulation Attack Against Intel SGX|https://www.securityweek.com/voltpillager-new-hardware-based-voltage-manipulation-attack-against-intel-sgx]]|SGX Attacks|
=== 

* __Bonnes Pratiques, Techniques de Détection__
** Bonnes pratiques : Sécurité du Cloud (//IBM//)+++^*[»] 
|2020.11.12|//Security Intelligence//|[[Implement Cloud Security Best Practices With This Guide|https://securityintelligence.com/articles/implement-cloud-security-best-practices/]]|Best_Practices|
=== 

* __Rapports, Sondages, Études, Publications__
** Rapports : 'Kubernetes (K8s) Data Protection Report' (//Zettaset//) • '2020 Duo Trusted Access Report' (//Duo Security//) • mise à jour 2020 pour 'Cloud-Native: The IaaS Adoption and Risk Report' (//MacAfee//)+++^*[»] 
|2020.11.12|//Zettaset//|[[New Research Confirms Enterprise Organizations Have Embraced Containers and Kubernetes but are Struggling to Properly Secure Data Stored in Cloud-Native Environments|https://vmblog.com/archive/2020/11/12/new-research-confirms-enterprise-organizations-have-embraced-containers-and-kubernetes-but-are-struggling-to-properly-secure-data-stored-in-cloud-native-environments.aspx]]|Report Kubernetes|
|2020.11.12|BetaNews| → [[Enterprises accelerate cloud transformation but struggle with security|https://betanews.com/2020/11/12/enterprises-cloud-transformation-struggle-security/]]|Report Kubernetes|
|2020.11.13|Help Net Security| → [[Enterprises embrace Kubernetes, but lack security tools to mitigate risk|https://www.helpnetsecurity.com/2020/11/13/enterprises-embrace-kubernetes-lack-security-tools/]]|Report Kubernetes|
|2020.11.10|//Duo Security//|[[2020 Duo Trusted Access Report|https://duo.com/resources/ebooks/the-2020-duo-trusted-access-report]]|Report|
|2020.11.10|Dark Reading| → [[Cloud Usage, Biometrics Surge As Remote Work Grows Permanent|https://www.darkreading.com/threat-intelligence/cloud-usage-biometrics-surge-as-remote-work-grows-permanent/d/d-id/1339413]]|Report|
|2020.11.10|Dark Reading|[[You're One Misconfiguration Away from a Cloud-Based Data Breach|https://www.darkreading.com/cloud/youre-one-misconfiguration-away-from-a-cloud-based-data-breach/a/d-id/1337464]]|Risks|
|2020.11|//MacAfee//| ← [[Cloud-Native: The Infrastructure-as-a-Service (IaaS) Adoption and Risk Report|https://cloudsecurity.mcafee.com/cloud/en-us/forms/white-papers/wp-cloud-adoption-risk-report-iaas.html]]|Report|
=== 

* __Cloud Services Providers, Outils__
** AWS: AWS Nitro Enclaves • Lightsail Containers • Securing Amazon WorkSpaces • Integrating CloudEndure Disaster Recovery+++^*[»] 
|2020.11.13|//Amazon AWS//|[[What is AWS Nitro Enclaves?|https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html]]|AWS Nitro Enclaves|
|2020.11.13|//Amazon AWS//|[[Lightsail Containers: An Easy Way to Run your Containers in the Cloud|https://aws.amazon.com/blogs/aws/lightsail-containers-an-easy-way-to-run-your-containers-in-the-cloud/]]|Containers|
|2020.11.11|//Amazon AWS//|[[How to secure your Amazon WorkSpaces for external users|https://aws.amazon.com/blogs/security/how-to-secure-your-amazon-workspaces-for-external-users/]]|AWS|
|2020.11.10|//Amazon AWS//|[[Integrating CloudEndure Disaster Recovery into your security incident response plan|https://aws.amazon.com/blogs/security/integrating-cloudendure-disaster-recovery-into-your-security-incident-response-plan/]]|AWS DRP|
=== 
** Azure: Long Term Retention of Azure Sentinel Logs • New DNS Features in Azure Firewall+++^*[»] 
|2020.11.13|//Microsoft Azure//|[[Using Azure Data Explorer for long term retention of Azure Sentinel logs|https://techcommunity.microsoft.com/t5/azure-sentinel/using-azure-data-explorer-for-long-term-retention-of-azure/ba-p/1883947]]|Azure_Sentinel Logging|
|2020.11.09|//Microsoft Azure//|[[New enhanced DNS features in Azure Firewall - now generally available|https://azure.microsoft.com/blog/new-enhanced-dns-features-in-azure-firewall-now-generally-available/]]|Azure DNS|
=== 
** GCP: Ensuring High Availability • Anthos Developer Sandbox • Connecting to Google CE VMs+++^*[»] 
|2020.11.13|//Google Cloud//|[[It's not DNS: Ensuring high availability in a hybrid cloud environment|https://cloud.google.com/blog/products/networking/create-a-highly-available-hybrid-cloud-dns-configuration]]|GCP DNS|
|2020.11.13|//Google Cloud//|[[Introducing the Anthos Developer Sandbox - free with a Google account|https://cloud.google.com/blog/topics/anthos/introducing-the-anthos-developer-sandbox/]]|GCP Anthos|
|2020.11.10|//Google Cloud//|[[Connecting Securely to Google Compute Engine VMs without a Public IP or VPN|https://medium.com/google-cloud/connecting-securely-to-google-compute-engine-vms-without-a-public-ip-or-vpn-720e53d1978e]]|GCP VMs|
=== 
** OVH Cloud: Co-building Cloud Services with Google Cloud+++^*[»] 
|2020.11.09|Le Mag IT[>img[iCSF/flag_fr.png]]|[[OVHcloud en route pour devenir l'alternative européenne à AWS|https://www.lemagit.fr/actualites/252491753/OVHcloud-en-route-pour-devenir-lalternative-europeenne-a-AWS]]|OVHcloud GCP Europe|
|2020.11.09|Silicon[>img[iCSF/flag_fr.png]]|[[OVHcloud : un levier souverain pour Google Cloud en Europe|https://www.silicon.fr/ovhcloud-levier-souverain-google-cloud-europe-351107.html]]|OVHcloud GCP Europe|
|2020.11.10|Computer Weekly| → [[Google and OVHcloud to bring co-built cloud services to European enterprises|https://www.computerweekly.com/news/252491823/Google-and-OVHcloud-to-bring-co-built-cloud-services-to-European-enterprises]]|OVHcloud GCP Europe|
|2020.11.11|The Register| → [[Cutting the ties: European hosting provider OVHCloud to offer Google Anthos, no Google account needed|https://www.theregister.com/2020/11/11/european_hosting_provider_ovhcloud_will/]]|OVHcloud GCP Europe|
=== 
** Kubernetes : Vecteurs d'attaque : 3ème partie sur la Persistence (//Alcide//) • Codes d'erreurs • Modèle de maturité (//Fairwinds//)+++^*[»] 
|2020.11.12|//Alcide//|![[Kubernetes Threat Vectors: Part 3 - Persistence|https://www.alcide.io/kubernetes-threat-vectors-part-3-persistence]] (3/11) |Kubernetes Threats|
|2020.11.11|//Build5Nines//|[[Fix Kubernetes Dashboard Strange 401 Unauthorized, 503 Service Unavailable Errors|https://build5nines.com/fix-kubernetes-dashboard-strange-401-unauthorized-503-service-unavailable-errors/]]|K8s|
|2020.11.10|//Fairwinds//|![[Kubernetes Maturity Model|https://www.fairwinds.com/kubernetes-maturity-model]] |K8s Maturity|
|2020.11.10|//Fairwinds//| → [[Fairwinds Introduces Industry-First End-to-End Kubernetes Maturity Model|https://vmblog.com/archive/2020/11/10/fairwinds-introduces-industry-first-end-to-end-kubernetes-maturity-model.aspx]]|K8s Maturity|
=== 
** Outils : Leonidas (Simulation d'attaques) • OpenCSPM (CSPM)+++^*[»] 
|2020.11.12|KitPloit|[[Leonidas - Automated Attack Simulation In The Cloud, Complete With Detection Use Cases|https://www.kitploit.com/2020/11/leonidas-automated-attack-simulation-in.html]]|Tools Simulation|
|2020.11.12|//Darkbit//|[[Announcing OpenCSPM - An Open-Source Cloud Security Posture Management and Workflow Platform|https://darkbit.io/blog/announcing-opencspm]]|CSPM|
=== 

* __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences__
** Podcasts : 'Open Source AWS Security' (Cloud Security Podcast) • 'Cloud Attack Vectors' (SilverLining)+++^*[»] 
|2020.11.15|Cloud Security Podcast|[[Open Source AWS Security - Matthew Fuller, co-Founder CloudSploit, Aqua|https://anchor.fm/cloudsecuritypodcast/episodes/OPEN-SOURCE-AWS-SECURITY---MATTHEW-FULLER--co-Founder-CloudSploit--Aqua-emgb3q]]|Podcast|
|2020.11.11|SilverLining Podcast|![[Episode 28: Analyzing Cloud Attack Vectors - SaaS Marketplaces and Office 365 BEC|https://silverlining-il.castos.com/episodes/episode-28-analyzing-cloud-attack-vectors-saas-marketplaces-and-office-365-bec]] ([[mp3|https://episodes.castos.com/5e4aaf232467c1-76191533/silverlining-podcast-%D7%A2%D7%95%D7%A4%D7%A8-%D7%9E%D7%90%D7%95%D7%A8.mp3]]) |Podcast|
=== 
** Veilles : TL;DR Security #60 • The Cloud Security Reading List #63+++^*[»] 
|2020.11.15|Marco Lancini|[[The Cloud Security Reading List #63|https://cloudseclist.com/issues/issue-63/]] |Weekly_Newsletter|
|2020.11.11|TL;DR Security|[[#60 - Cartography + IAM, Security Scorecard, Self-service Security|https://tldrsec.com/blog/tldr-sec-060/]] |Weekly_Newsletter|
=== 

* __Marché, Acquisitions__
** Marché : Services de chiffrement+++^*[»] 
|2020.11.12|Le Mag IT[>img[iCSF/flag_fr.png]]|![[À la découverte des services de chiffrement des fournisseurs cloud|https://www.lemagit.fr/essentialguide/A-la-decouverte-des-services-de-chiffrement-des-fournisseurs-cloud]] |Encryption|
|2020.11.12|Le Mag IT[>img[iCSF/flag_fr.png]]|![[Les services de chiffrement des fournisseurs cloud français|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-des-fournisseurs-cloud-francais]] |Encryption France|
|2020.11.10|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement d'IBM : Key Protect, Cloud HSM 7.0 et Hyper Crypto Services|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-dIBM-Key-Protect-Cloud-HSM-70-et-Hyper-Crypto-Services]]|Encryption IBM_Cloud|
|2020.11.09|//Le Mag IT//[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement de Microsoft : Azure Key Vault|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-de-Microsoft-Azure-Key-Vault]]|Encryption Azure|
=== 
** Acquisitions : //CloudAlly// par //Zix// • //IDMSense// par //Ernst & Young//+++^*[»] 
|2020.11.10|//BusinessWire//|[[Zix Acquires Leading Cloud-Based Backup and Recovery Provider CloudAlly|https://www.businesswire.com/news/home/20201109005607/en/Zix-Acquires-Leading-Cloud-Based-Backup-and-Recovery-Provider-CloudAlly]]|Acquisition|
|2020.11.10|MSSP Alert| → [[Zix Acquires CloudAlly for $30M; Converges Email Security and Cloud Backup|https://www.msspalert.com/investments/zix-acquires-cloudally-for-30m-converges-email-security-and-cloud-backup/]]|Acquisition|
|2020.11.06|EY Canada|[[EY Canada welcomes IDMSense to the firm to enhance Digital Identity solutions for clients|https://www.ey.com/en_ca/news/2020/11/ey-canada-welcomes-idmsense-to-the-firm-to-enhance-digital-identity-solutions-for-clients]]|Acquisition|
|2020.11.09|MSSP Alert| → [[Ernst & Young Acquires Cloud Identity Management Company IDMSense|https://www.msspalert.com/investments/ernst-young-buys-idmsense/]]|Acquisition|
=== 

* __Divers__
** Référentiel pour optimiser les Plans de Reprise+++^*[»] 
|2020.11.09|Homeland Security Newswire|[[Cloud-Based Framework Improves Efficiency in Disaster-Area Management|http://www.homelandsecuritynewswire.com/dr20201109-cloudbased-framework-improves-efficiency-in-disasterarea-management]]|Misc|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/KBF/|https://CloudSecurityAlliance.fr/go/KBF/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - November 9th to 15th, 2020
!!1 - CSA News and Updates - November 9th to 15th, 2020

* News: FIRST 2020 Conference, November 16th/18th+++*[»]> <<tiddler [[2020.11.11 - Actu : Conférence FIRST 2020 du 16 au 18 novembre 2020]]>>=== 
* Publication: 'Key Management when using Cloud Services'+++*[»]> <<tiddler [[2020.11.09 - Publication : 'Key Management when using Cloud Services']]>>=== 
* Blog: 'Seven Steps to defining the art of the possible in DevOps'+++*[»]> <<tiddler [[2020.11.13 - Blog : 'Seven Steps to defining the art of the possible in DevOps']]>>=== 
* Blog: 'California Privacy Rights Act: What Are the Consequences for Cloud Users?'+++*[»]> <<tiddler [[2020.11.13 - Blog : 'California Privacy Rights Act: What Are the Consequences for Cloud Users?']]>>=== 
* Blog: 'What is cloud security? How is it different from traditional on-premises network security?'+++*[»]> <<tiddler [[2020.11.09 - Blog : 'What is cloud security? How is it different from traditional on-premises network security?']]>>=== 
!!2 - Cloud and Security News Watch ([[over 110 links|2020.11.15 - Veille Hebdomadaire - 15 novembre]])

* __''Must read''__
** State of CSP's Encryption Services+++^*[»] 
|2020.11.12|Le Mag IT[>img[iCSF/flag_fr.png]]|![[À la découverte des services de chiffrement des fournisseurs cloud|https://www.lemagit.fr/essentialguide/A-la-decouverte-des-services-de-chiffrement-des-fournisseurs-cloud]] |Encryption|
=== 
** Kubernetes Maturity Model (//Fairwinds//)+++^*[»] 
|2020.11.10|//Fairwinds//|![[Kubernetes Maturity Model|https://www.fairwinds.com/kubernetes-maturity-model]] |K8s Maturity|
|2020.11.10|//Fairwinds//| → [[Fairwinds Introduces Industry-First End-to-End Kubernetes Maturity Model|https://vmblog.com/archive/2020/11/10/fairwinds-introduces-industry-first-end-to-end-kubernetes-maturity-model.aspx]]|K8s Maturity|
=== 
** Strategies For Remote Collections of Cloud Data(//Fairwinds//)+++^*[»] 
|2020.11.10|Forensics Focus|![[Best Strategies For Remote Collections Of Computer, Mobile And Cloud Data|https://www.forensicfocus.com/webinars/best-strategies-for-remote-collections-of-computer-mobile-and-cloud-data/]] ([[vidéo|https://www.youtube.com/watch?v=I0rCGRQTWZg]]) |Forensics|
=== 

* __Attacks, Incidents, Data Leaks, Outages__
** Attacks: Fake Microsoft Teams updates+++^*[»] 
|2020.11.09|Bleeping Computer|[[Fake Microsoft Teams updates lead to Cobalt Strike deployment|https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/]]|Teams Attacks|
=== 
** Leaks: Leaky AWS S3 Bucket Leads to Massive Data Leak+++^*[»] 
|2020.11.09|//Threatpost//|[[Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak|https://threatpost.com/millions-hotel-guests-worldwide-data-leak/161044/]]|Data_Leak|
|2020.11.06|Web Site Planet| ← ''[[Report: Hotel Reservation Platform Leaves Millions of People Exposed in Massive Data Breach|https://www.websiteplanet.com/blog/prestige-soft-breach-report/]]''|Data_Leak|
|2020.11.10|Graham Cluley| → [[Millions of hotel guests worldwide have their private details exposed|https://grahamcluley.com/hotel-software-data-breach/]]|Data_Leak|
|2020.11.10|Dark Reading| → [[Hotels.com & Expedia Provider Exposes Millions of Guests' Data|https://www.darkreading.com/cloud/hotelscom-and-expedia-provider-exposes-millions-of-guests-data/d/d-id/1339407]]|Data_Leak|
|2020.11.10|Computer Weekly| → [[Leaky AWS S3 bucket once again at centre of data breach|https://www.computerweekly.com/news/252491842/Leaky-AWS-S3-bucket-once-again-at-centre-of-data-breach]]|Data_Leak|
=== 
** Outages: Microsoft Outage Affects OneDrive Users+++^*[»] 
|2020.11.11|Computer Weekly|[[Microsoft consumer cloud outage blights Outlook.com and OneDrive users|https://www.computerweekly.com/news/252491909/Microsoft-consumer-cloud-outage-blights-Outlookcom-and-OneDrive-users]]|Outage|
=== 

* __Risks, Threats, Vulnerabilities__
** Risks : Identification of Hidden Risks (World Economic Forum)+++^*[»] 
|2020.11.12|World Economic Forum|![[5 questions your business must answer to understand the hidden risks in the cloud|https://www.weforum.org/agenda/2020/11/business-risks-cloud-computing/]] |Risks|
=== 
** Threats: Preventing Exposed Azure Blob Storage (SANS) • Cloud-jacking • Muhstik, an IoT Botnet Infecting Cloud Servers+++^*[»] 
|2020.11.12|SANS ISC Handler|![[Preventing Exposed Azure Blob Storage|https://isc.sans.edu/forums/diary/Preventing+Exposed+Azure+Blob+Storage/26786/]]|Azure Prevention|
|2020.11.12|SANS ISC Handler|![[Exposed Blob Storage in Azure|https://isc.sans.edu/forums/diary/Exposed+Blob+Storage+in+Azure/26784/]]|Azure Prevention|
|>|>|>|!|
|2020.11.10|//Webroot//|[[Getting to Know Cloudjacking and Cloud Mining Could Save Your Business|https://www.webroot.com/blog/2020/11/10/getting-to-know-cloudjacking-and-cloud-mining-could-save-your-business/]]|Attacks|
|2020.11.10|//TechGenix//|[[Cloud-jacking: An evolving and dangerous cybersecurity threat|http://techgenix.com/cloud-jacking/]]|Threats|
|>|>|>|!|
|2020.11.10|//Lacework//|[[Meet Muhstik - IoT Botnet Infecting Cloud Servers|https://www.lacework.com/meet-muhstik-iot-botnet-infecting-cloud-servers/]]|Botnet Attacks|
|2020.11.11|Bleeping Computer| → [[Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal|https://www.bleepingcomputer.com/news/security/chinese-linked-muhstik-botnet-targets-oracle-weblogic-drupal/]]|Botnet Attacks|
=== 
** Vulnerabilities: VoltPillager against Intel SGX Enclaves+++^*[»] 
|2020.11.11|Zitai Chen|[[VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface|https://zt-chen.github.io/voltpillager/]] ([[pdf|https://www.usenix.org/system/files/sec21summer_chen-zitai.pdf]])|SGX Attacks|
|2020.11.14|The Register| → [[Stick a fork in SGX, it's done: Intel's cloud-server security defeated by $30 chip and electrical shenanigans|https://www.theregister.com/2020/11/14/intel_sgx_protection_broken/]]|SGX Attacks|
|2020.11.16|Security Week| → [[VoltPillager: New Hardware-Based Voltage Manipulation Attack Against Intel SGX|https://www.securityweek.com/voltpillager-new-hardware-based-voltage-manipulation-attack-against-intel-sgx]]|SGX Attacks|
=== 

* __Best Practices, and Detection__
** Best Practices: Security Implementation (//IBM//)+++^*[»] 
|2020.11.12|//Security Intelligence//|[[Implement Cloud Security Best Practices With This Guide|https://securityintelligence.com/articles/implement-cloud-security-best-practices/]]|Best_Practices|
=== 

* __Reports, Surveys, Studies, Publications__
** Reports: 'Kubernetes (K8s) Data Protection Report' (//Zettaset//) • '2020 Duo Trusted Access Report' (//Duo Security//) • 2020 update for 'Cloud-Native: The IaaS Adoption and Risk Report' (//MacAfee//)+++^*[»] 
|2020.11.12|//Zettaset//|[[New Research Confirms Enterprise Organizations Have Embraced Containers and Kubernetes but are Struggling to Properly Secure Data Stored in Cloud-Native Environments|https://vmblog.com/archive/2020/11/12/new-research-confirms-enterprise-organizations-have-embraced-containers-and-kubernetes-but-are-struggling-to-properly-secure-data-stored-in-cloud-native-environments.aspx]]|Report Kubernetes|
|2020.11.12|BetaNews| → [[Enterprises accelerate cloud transformation but struggle with security|https://betanews.com/2020/11/12/enterprises-cloud-transformation-struggle-security/]]|Report Kubernetes|
|2020.11.13|Help Net Security| → [[Enterprises embrace Kubernetes, but lack security tools to mitigate risk|https://www.helpnetsecurity.com/2020/11/13/enterprises-embrace-kubernetes-lack-security-tools/]]|Report Kubernetes|
|2020.11.10|//Duo Security//|[[2020 Duo Trusted Access Report|https://duo.com/resources/ebooks/the-2020-duo-trusted-access-report]]|Report|
|2020.11.10|Dark Reading| → [[Cloud Usage, Biometrics Surge As Remote Work Grows Permanent|https://www.darkreading.com/threat-intelligence/cloud-usage-biometrics-surge-as-remote-work-grows-permanent/d/d-id/1339413]]|Report|
|2020.11.10|Dark Reading|[[You're One Misconfiguration Away from a Cloud-Based Data Breach|https://www.darkreading.com/cloud/youre-one-misconfiguration-away-from-a-cloud-based-data-breach/a/d-id/1337464]]|Risks|
|2020.11|//MacAfee//| ← [[Cloud-Native: The Infrastructure-as-a-Service (IaaS) Adoption and Risk Report|https://cloudsecurity.mcafee.com/cloud/en-us/forms/white-papers/wp-cloud-adoption-risk-report-iaas.html]]|Report|
=== 

* __Cloud Services Providers, Tools__
** AWS: AWS Nitro Enclaves • Lightsail Containers • Securing Amazon WorkSpaces • Integrating CloudEndure Disaster Recovery+++^*[»] 
|2020.11.13|//Amazon AWS//|[[What is AWS Nitro Enclaves?|https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html]]|AWS Nitro Enclaves|
|2020.11.13|//Amazon AWS//|[[Lightsail Containers: An Easy Way to Run your Containers in the Cloud|https://aws.amazon.com/blogs/aws/lightsail-containers-an-easy-way-to-run-your-containers-in-the-cloud/]]|Containers|
|2020.11.11|//Amazon AWS//|[[How to secure your Amazon WorkSpaces for external users|https://aws.amazon.com/blogs/security/how-to-secure-your-amazon-workspaces-for-external-users/]]|AWS|
|2020.11.10|//Amazon AWS//|[[Integrating CloudEndure Disaster Recovery into your security incident response plan|https://aws.amazon.com/blogs/security/integrating-cloudendure-disaster-recovery-into-your-security-incident-response-plan/]]|AWS DRP|
=== 
** Azure: Long Term Retention of Azure Sentinel Logs • New DNS Features in Azure Firewall+++^*[»] 
|2020.11.13|//Microsoft Azure//|[[Using Azure Data Explorer for long term retention of Azure Sentinel logs|https://techcommunity.microsoft.com/t5/azure-sentinel/using-azure-data-explorer-for-long-term-retention-of-azure/ba-p/1883947]]|Azure_Sentinel Logging|
|2020.11.09|//Microsoft Azure//|[[New enhanced DNS features in Azure Firewall - now generally available|https://azure.microsoft.com/blog/new-enhanced-dns-features-in-azure-firewall-now-generally-available/]]|Azure DNS|
=== 
** GCP: Ensuring High Availability • Anthos Developer Sandbox • Connecting to Google CE VMs+++^*[»] 
|2020.11.13|//Google Cloud//|[[It's not DNS: Ensuring high availability in a hybrid cloud environment|https://cloud.google.com/blog/products/networking/create-a-highly-available-hybrid-cloud-dns-configuration]]|GCP DNS|
|2020.11.13|//Google Cloud//|[[Introducing the Anthos Developer Sandbox - free with a Google account|https://cloud.google.com/blog/topics/anthos/introducing-the-anthos-developer-sandbox/]]|GCP Anthos|
|2020.11.10|//Google Cloud//|[[Connecting Securely to Google Compute Engine VMs without a Public IP or VPN|https://medium.com/google-cloud/connecting-securely-to-google-compute-engine-vms-without-a-public-ip-or-vpn-720e53d1978e]]|GCP VMs|
=== 
** OVH Cloud: Co-building Cloud Services with Google Cloud+++^*[»] 
|2020.11.09|Le Mag IT[>img[iCSF/flag_fr.png]]|[[OVHcloud en route pour devenir l'alternative européenne à AWS|https://www.lemagit.fr/actualites/252491753/OVHcloud-en-route-pour-devenir-lalternative-europeenne-a-AWS]]|OVHcloud GCP Europe|
|2020.11.09|Silicon[>img[iCSF/flag_fr.png]]|[[OVHcloud : un levier souverain pour Google Cloud en Europe|https://www.silicon.fr/ovhcloud-levier-souverain-google-cloud-europe-351107.html]]|OVHcloud GCP Europe|
|2020.11.10|Computer Weekly| → [[Google and OVHcloud to bring co-built cloud services to European enterprises|https://www.computerweekly.com/news/252491823/Google-and-OVHcloud-to-bring-co-built-cloud-services-to-European-enterprises]]|OVHcloud GCP Europe|
|2020.11.11|The Register| → [[Cutting the ties: European hosting provider OVHCloud to offer Google Anthos, no Google account needed|https://www.theregister.com/2020/11/11/european_hosting_provider_ovhcloud_will/]]|OVHcloud GCP Europe|
=== 
** Kubernetes: Threat Vectors: Part 3 - Persistence (//Alcide//) • Error Codes • Maturity Model (//Fairwinds//)+++^*[»] 
|2020.11.12|//Alcide//|![[Kubernetes Threat Vectors: Part 3 - Persistence|https://www.alcide.io/kubernetes-threat-vectors-part-3-persistence]] (3/11) |Kubernetes Threats|
|2020.11.11|//Build5Nines//|[[Fix Kubernetes Dashboard Strange 401 Unauthorized, 503 Service Unavailable Errors|https://build5nines.com/fix-kubernetes-dashboard-strange-401-unauthorized-503-service-unavailable-errors/]]|K8s|
|2020.11.10|//Fairwinds//|![[Kubernetes Maturity Model|https://www.fairwinds.com/kubernetes-maturity-model]] |K8s Maturity|
|2020.11.10|//Fairwinds//| → [[Fairwinds Introduces Industry-First End-to-End Kubernetes Maturity Model|https://vmblog.com/archive/2020/11/10/fairwinds-introduces-industry-first-end-to-end-kubernetes-maturity-model.aspx]]|K8s Maturity|
=== 
** Tools: Leonidas (Attack Simulation) • OpenCSPM (CSPM)+++^*[»] 
|2020.11.12|KitPloit|[[Leonidas - Automated Attack Simulation In The Cloud, Complete With Detection Use Cases|https://www.kitploit.com/2020/11/leonidas-automated-attack-simulation-in.html]]|Tools Simulation|
|2020.11.12|//Darkbit//|[[Announcing OpenCSPM - An Open-Source Cloud Security Posture Management and Workflow Platform|https://darkbit.io/blog/announcing-opencspm]]|CSPM|
=== 

* __Weekly 'Cloud and Security' Watch, Podcasts, Conferences__
** Podcasts: 'Open Source AWS Security' (Cloud Security Podcast) • 'Cloud Attack Vectors' (SilverLining)+++^*[»] 
|2020.11.15|Cloud Security Podcast|[[Open Source AWS Security - Matthew Fuller, co-Founder CloudSploit, Aqua|https://anchor.fm/cloudsecuritypodcast/episodes/OPEN-SOURCE-AWS-SECURITY---MATTHEW-FULLER--co-Founder-CloudSploit--Aqua-emgb3q]]|Podcast|
|2020.11.11|SilverLining Podcast|![[Episode 28: Analyzing Cloud Attack Vectors - SaaS Marketplaces and Office 365 BEC|https://silverlining-il.castos.com/episodes/episode-28-analyzing-cloud-attack-vectors-saas-marketplaces-and-office-365-bec]] ([[mp3|https://episodes.castos.com/5e4aaf232467c1-76191533/silverlining-podcast-%D7%A2%D7%95%D7%A4%D7%A8-%D7%9E%D7%90%D7%95%D7%A8.mp3]]) |Podcast|
=== 
** Newsletters: TL;DR Security #60 • The Cloud Security Reading List #63+++^*[»] 
|2020.11.15|Marco Lancini|[[The Cloud Security Reading List #63|https://cloudseclist.com/issues/issue-63/]] |Weekly_Newsletter|
|2020.11.11|TL;DR Security|[[#60 - Cartography + IAM, Security Scorecard, Self-service Security|https://tldrsec.com/blog/tldr-sec-060/]] |Weekly_Newsletter|
=== 

* __Market, Acquisitions__
** Market: Encryption Services+++^*[»] 
|2020.11.12|Le Mag IT[>img[iCSF/flag_fr.png]]|![[À la découverte des services de chiffrement des fournisseurs cloud|https://www.lemagit.fr/essentialguide/A-la-decouverte-des-services-de-chiffrement-des-fournisseurs-cloud]] |Encryption|
|2020.11.12|Le Mag IT[>img[iCSF/flag_fr.png]]|![[Les services de chiffrement des fournisseurs cloud français|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-des-fournisseurs-cloud-francais]] |Encryption France|
|2020.11.10|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement d'IBM : Key Protect, Cloud HSM 7.0 et Hyper Crypto Services|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-dIBM-Key-Protect-Cloud-HSM-70-et-Hyper-Crypto-Services]]|Encryption IBM_Cloud|
|2020.11.09|//Le Mag IT//[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement de Microsoft : Azure Key Vault|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-de-Microsoft-Azure-Key-Vault]]|Encryption Azure|
=== 
** Acquisitions: //CloudAlly// by //Zix// • //IDMSense// by //Ernst & Young//+++^*[»] 
|2020.11.10|//BusinessWire//|[[Zix Acquires Leading Cloud-Based Backup and Recovery Provider CloudAlly|https://www.businesswire.com/news/home/20201109005607/en/Zix-Acquires-Leading-Cloud-Based-Backup-and-Recovery-Provider-CloudAlly]]|Acquisition|
|2020.11.10|MSSP Alert| → [[Zix Acquires CloudAlly for $30M; Converges Email Security and Cloud Backup|https://www.msspalert.com/investments/zix-acquires-cloudally-for-30m-converges-email-security-and-cloud-backup/]]|Acquisition|
|2020.11.06|EY Canada|[[EY Canada welcomes IDMSense to the firm to enhance Digital Identity solutions for clients|https://www.ey.com/en_ca/news/2020/11/ey-canada-welcomes-idmsense-to-the-firm-to-enhance-digital-identity-solutions-for-clients]]|Acquisition|
|2020.11.09|MSSP Alert| → [[Ernst & Young Acquires Cloud Identity Management Company IDMSense|https://www.msspalert.com/investments/ernst-young-buys-idmsense/]]|Acquisition|
=== 

* __Miscellaneous__
** Framework Improving Efficiency in Disaster-Area Management+++^*[»] 
|2020.11.09|Homeland Security Newswire|[[Cloud-Based Framework Improves Efficiency in Disaster-Area Management|http://www.homelandsecuritynewswire.com/dr20201109-cloudbased-framework-improves-efficiency-in-disasterarea-management]]|Misc|
=== 
** Forensics: Best Strategies For Remote Collections+++^*[»] 
|2020.11.10|Forensics Focus|![[Best Strategies For Remote Collections Of Computer, Mobile And Cloud Data|https://www.forensicfocus.com/webinars/best-strategies-for-remote-collections-of-computer-mobile-and-cloud-data/]] ([[vidéo|https://www.youtube.com/watch?v=I0rCGRQTWZg]]) |Forensics|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/KBF/|https://CloudSecurityAlliance.fr/go/KBF/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 9 au 15 novembre 2020
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Attaques / Attacks'' |
|>|>|>|''Incidents'' |
|>|>|>|''Fuites de données / Leaks'' |
|>|>|>|''Pannes / Outages'' |
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|>|>|>|''Menaces / Threats'' |
|2020.11.10|Dark Reading|[[You're One Misconfiguration Away from a Cloud-Based Data Breach|https://www.darkreading.com/cloud/youre-one-misconfiguration-away-from-a-cloud-based-data-breach/a/d-id/1337464]]|Risks|
|2020.11|//MacAfee//| ← [[Cloud-Native: The Infrastructure-as-a-Service (IaaS) Adoption and Risk Report|https://cloudsecurity.mcafee.com/cloud/en-us/forms/white-papers/wp-cloud-adoption-risk-report-iaas.html]]|Report|
|>|>|>|''Vulnérabilités / Vulnerabilities'' |
|>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection |
|>|>|>|''Bonnes pratiques / Best Practices'' |
|>|>|>|''Protection'' |
|>|>|>|''Protection'' |
|>|>|>|''Détection / Detection'' |
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Rapports / Reports'' |
|>|>|>|''Sondages / Surveys'' |
|>|>|>|''Études / Studies'' |
|>|>|>|''Publications'' |
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2020.11.10|//Amazon AWS//|[[Integrating CloudEndure Disaster Recovery into your security incident response plan|https://aws.amazon.com/blogs/security/integrating-cloudendure-disaster-recovery-into-your-security-incident-response-plan/]]|AWS DRP|
|2020.11.10|//Amazon AWS//|[[Introducing AWS Gateway Load Balancer - Easy Deployment, Scalability, and High Availability for Partner Appliances|https://aws.amazon.com/blogs/aws/introducing-aws-gateway-load-balancer-easy-deployment-scalability-and-high-availability-for-partner-appliances/]]|AWS Gateway|
|2020.11.11|//Amazon AWS//|[[How to secure your Amazon WorkSpaces for external users|https://aws.amazon.com/blogs/security/how-to-secure-your-amazon-workspaces-for-external-users/]]|AWS|
|2020.11.12|//Amazon AWS//|[[Combining encryption and signing with AWS KMS asymmetric keys|https://aws.amazon.com/blogs/security/combining-encryption-and-signing-with-aws-asymmetric-keys/]]|AWS KMS|
|2020.11.13|//Amazon AWS//|[[What is AWS Nitro Enclaves?|https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html]]|AWS Nitro Enclaves|
|2020.11.13|//Amazon AWS//|[[AWS Lambda now makes it easier to send logs to custom destinations|https://aws.amazon.com/about-aws/whats-new/2020/11/aws-lambda-send-logs-custom-destinations/]]|AWS_Lambda Logging|
|2020.11.13|//Amazon AWS//|[[Lightsail Containers: An Easy Way to Run your Containers in the Cloud|https://aws.amazon.com/blogs/aws/lightsail-containers-an-easy-way-to-run-your-containers-in-the-cloud/]]|Containers|
|2020.11.13|//Aon//|[[See ya in S3!|https://www.aon.com/cyber-solutions/aon_cyber_labs/cyber-labs-blog-see-ya-in-s3/?_lrsc=5ae780d0-f52e-4c16-9ccd-8b98dc2419fe]]|
|>|>|>|''Azure (Microsoft)'' |
|2020.11.12|Christophe Parisel|![[A new detection model for Azure Sentinel|https://www.linkedin.com/pulse/improve-detection-scale-azure-sentinel-christophe-parisel/]] (2/3) |Azure_Sentinel|
|2020.11.12|SANS Handlers Diary|![[Preventing Exposed Azure Blob Storage|https://isc.sans.edu/forums/diary/Preventing+Exposed+Azure+Blob+Storage/26786/]] |
|2020.11.13|//Microsoft Azure//|[[Using Azure Data Explorer for long term retention of Azure Sentinel logs|https://techcommunity.microsoft.com/t5/azure-sentinel/using-azure-data-explorer-for-long-term-retention-of-azure/ba-p/1883947]]|Azure_Sentinel Logging|
|2020.11.11|//Microsoft Azure//|[[AWS to Azure services comparison|https://docs.microsoft.com/en-us/azure/architecture/aws-professional/services]]|Comparison Azure AWS|
|2020.11.09|//Microsoft Azure//|[[New enhanced DNS features in Azure Firewall - now generally available|https://azure.microsoft.com/blog/new-enhanced-dns-features-in-azure-firewall-now-generally-available/]]|Azure DNS|
|2020.11.09|//Microsoft Azure//|[[Advancing global network reliability through intelligent software - part 1 of 2|https://azure.microsoft.com/blog/advancing-global-network-reliability-through-intelligent-software-part-1-of-2/]] (1/2)|Azure Reliability|
|>|>|>|''GCP (Google)'' |
|2020.11.13|//Google Cloud//|[[It's not DNS: Ensuring high availability in a hybrid cloud environment|https://cloud.google.com/blog/products/networking/create-a-highly-available-hybrid-cloud-dns-configuration]]|GCP DNS|
|2020.11.13|//Google Cloud//|[[Introducing the Anthos Developer Sandbox - free with a Google account|https://cloud.google.com/blog/topics/anthos/introducing-the-anthos-developer-sandbox/]]|GCP Anthos|
|2020.11.10|//Google Cloud//|[[Connecting Securely to Google Compute Engine VMs without a Public IP or VPN|https://medium.com/google-cloud/connecting-securely-to-google-compute-engine-vms-without-a-public-ip-or-vpn-720e53d1978e]]|GCP VMs|
|>|>|>|''Oracle'' |
|2020.11.12|//Oracle Cloud//|[[Oracle Cloud Infrastructure Should Be on Your Short List of Cloud Service Providers|https://blogs.oracle.com/cloudsecurity/oracle-cloud-infrastructure-should-be-on-your-short-list-of-cloud-service-providers]]|Products|
|>|>|>|''Kubernetes'' |
|>|>|>|''Docker'' |
|>|>|>|''Containers'' |
|>|>|>|''Workloads'' |
|>|>|>|''Outils / Tools'' |
|2020.11.15|DZone|[[Magic, a DIY Cloud System|https://dzone.com/articles/diy-cloud-systems]] ([[vidéo|https://www.youtube.com/watch?v=ATbirl4ZRYA]])|RaspberryPi|
|2020.11.15|Port Swigger|![[O365 Squatting: Open source tool finds malicious cloud-hosted domains before they're used in phishing campaigns|https://portswigger.net/daily-swig/o365-squatting-open-source-tool-finds-malicious-cloud-hosted-domains-before-theyre-used-in-phishing-campaigns]] |Tools|
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Conférences / Conferences'' |
|>|>|>|''Podcasts'' |
|2020.11.15|Cloud Security Podcast|[[Open Source AWS Security - Matthew Fuller, co-Founder CloudSploit, Aqua|https://anchor.fm/cloudsecuritypodcast/episodes/OPEN-SOURCE-AWS-SECURITY---MATTHEW-FULLER--co-Founder-CloudSploit--Aqua-emgb3q]]|Podcast|
|>|>|>|''Veilles / Newsletters'' |
|2020.11.15|Marco Lancini|[[The Cloud Security Reading List #63|https://cloudseclist.com/issues/issue-63/]] |Weekly_Newsletter|
|>|>|>|!Juridique, Réglementation, Conformité / Legal, Regulatory, Compliance |
|>|>|>|''Juridique / Legal'' |
|>|>|>|''Réglementation / Regulatory'' |
|>|>|>|''Conformité / Compliance'' |
|2020.11.12|//Hogan Lovells//|[[EDPB issues comprehensive Schrems II guidance, including supplemental measures for data transfers|https://www.engage.hoganlovells.com/knowledgeservices/news/edpb-issues-comprehensive-schrems-ii-guidance-including-recommended-supplemental-measures-to-protect-international-data-transfers/]]|Privacy Europe|
|2020.11.11|EDPB|![[European Data Protection Board - 41st Plenary session: EDPB adopts recommendations on supplementary measures following Schrems II|https://edpb.europa.eu/news/news/2020/european-data-protection-board-41st-plenary-session-edpb-adopts-recommendations_en]] |Privacy Europe|
|2020.07.16|//Hogan Lovells//|[[Schrems II: Privacy Shield invalidated and Standard Contractual Clauses under scrutiny|https://www.engage.hoganlovells.com/knowledgeservices/news/schrems-ii-privacy-shield-invalidated-and-standard-contractual-clauses-under-scrutiny]]|Privacy Europe|
|>|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|>|''Marché / Market'' |
|>|>|>|''Acquisitions'' |
|2020.12.11|TechIncidents|[[Salesforce To Acquire Slack In $27.7 Billion Deal|https://techincidents.com/salesforce-acquire-slack/]]|Acquisition|
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''APIs'' |
|>|>|>|''DNS / BGP / NTP'' |
|2020.11.13|//Cloudflare//|[[SAD DNS Explained|https://blog.cloudflare.com/sad-dns-explained/]]|!DNS|
|>|>|>|''Privacy Shield'' |
|>|>|>|''SASE'' |
|>|>|>|''Autres / Others'' |
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.11.13|
|2020.11.13|Secure Cloud Blog|[[Securing Azure Lighthouse with Azure Policy and Azure Privileged Identity Management for MSP's and customers|https://securecloud.blog/2020/11/13/securing-azure-lighthouse-with-azure-policy-and-azure-privileged-identity-management-for-msps-and-customers/]]|
|2020.11.13|DZone|[[Monitoring Your Kubernetes Cluster the Right Way|https://dzone.com/articles/monitoring-your-kubernetes-cluster-the-right-way]]|K8s|
|2020.11.13|//Help Net Security//|[[Uptycs enhances detection and investigation for on-premises and cloud workloads|https://www.helpnetsecurity.com/2020/11/13/uptycs-enhances-detection-and-investigation/]]|Products Forensics|
|2020.11.13|//Cloudcheckr//|[[How to Build Your Secure Cloud Architecture|https://cloudcheckr.com/cloud-security/build-secure-public-cloud-architecture/]]|Architecture|
|2020.11.13|//Avanan//|[[Why 1+1=0: Turn Mimecast Off to Improve Your Microsoft 365 Security|https://www.avanan.com/blog/why-110-turn-mimecast-off-to-improve-your-microsoft-365-security]]|M365 Architecture|
|2020.11.13|//Netskope//|[[Here Comes TroubleGrabber: Stealing Credentials Through Discord|https://www.netskope.com/blog/here-comes-troublegrabber-stealing-credentials-through-discord]]|Tools Attack|
|2020.11.13|//Tufin//|[[How to Avoid Paying Ransom Due to Your Cloud Security Vendor|https://www.tufin.com/blog/avoid-paying-ransom-cloud-security-vendor]]|Misc|
|>|>|>|!2020.11.12|
|2020.11.12|Le Mag IT[>img[iCSF/flag_fr.png]]|![[À la découverte des services de chiffrement des fournisseurs cloud|https://www.lemagit.fr/essentialguide/A-la-decouverte-des-services-de-chiffrement-des-fournisseurs-cloud]] |Encryption|
|2020.11.12|Le Mag IT[>img[iCSF/flag_fr.png]]|![[Les services de chiffrement des fournisseurs cloud français|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-des-fournisseurs-cloud-francais]] |Encryption France|
|2020.11.12|SANS ISC Handler|![[Preventing Exposed Azure Blob Storage|https://isc.sans.edu/forums/diary/Preventing+Exposed+Azure+Blob+Storage/26786/]]|Azure Prevention|
|2020.11.12|SANS ISC Handler|![[Exposed Blob Storage in Azure|https://isc.sans.edu/forums/diary/Exposed+Blob+Storage+in+Azure/26784/]]|Azure Prevention|
|2020.11.12|World Economic Forum|![[5 questions your business must answer to understand the hidden risks in the cloud|https://www.weforum.org/agenda/2020/11/business-risks-cloud-computing/]] |Risks|
|2020.11.12|Sandrino Di Mattia|[[Deploying changes to your Auth0 accounts with GitHub Actions|https://sandrino.dev/blog/github-actions-deploy-auth0]]|Authentication|
|2020.11.12|Thomas Maurer|[[Connect a Hybrid Server to Azure using Azure Arc|https://www.thomasmaurer.ch/2020/11/connect-a-hybrid-server-to-azure-using-azure-arc/]]|Azure_Arc|
|2020.11.12|JD Supra Law|[[Minimizing Risk with Amazon Web Services|https://www.jdsupra.com/legalnews/minimizing-risk-with-amazon-web-services-78005/]]|AWS Risks|
|2020.11.12|The Register|[[Kids' gaming website Animal Jam breached after miscreants spot private AWS key on pwned Slack channel|https://www.theregister.com/2020/11/12/animal_jam_breached/]]|Data_Leak AWS|
|2020.11.12|KitPloit|[[Leonidas - Automated Attack Simulation In The Cloud, Complete With Detection Use Cases|https://www.kitploit.com/2020/11/leonidas-automated-attack-simulation-in.html]]|Tools Simulation|
|2020.11.12|//RhinoSecurity Labs//|[[CloudGoat ECS_EFS_Attack Walkthrough - Introduction to Simulated AWS Attacks|https://rhinosecuritylabs.com/cloud-security/cloudgoat-aws-ecs_efs_attack/]]|AWS|
|2020.11.12|//Alcide//|![[Kubernetes Threat Vectors: Part 3 - Persistence|https://www.alcide.io/kubernetes-threat-vectors-part-3-persistence]] (3/11) |Kubernetes Threats|
|2020.11.12|//Zettaset//|[[New Research Confirms Enterprise Organizations Have Embraced Containers and Kubernetes but are Struggling to Properly Secure Data Stored in Cloud-Native Environments|https://vmblog.com/archive/2020/11/12/new-research-confirms-enterprise-organizations-have-embraced-containers-and-kubernetes-but-are-struggling-to-properly-secure-data-stored-in-cloud-native-environments.aspx]]|Report Kubernetes|
|2020.11.12|BetaNews| → [[Enterprises accelerate cloud transformation but struggle with security|https://betanews.com/2020/11/12/enterprises-cloud-transformation-struggle-security/]]|Report Kubernetes|
|2020.11.13|Help Net Security| → [[Enterprises embrace Kubernetes, but lack security tools to mitigate risk|https://www.helpnetsecurity.com/2020/11/13/enterprises-embrace-kubernetes-lack-security-tools/]]|Report Kubernetes|
|2020.11.12|//Security Intelligence//|[[Implement Cloud Security Best Practices With This Guide|https://securityintelligence.com/articles/implement-cloud-security-best-practices/]]|Best_Practices|
|2020.11.12|//Security Intelligence//|[[Data Security: Building for Today's Hybrid Cloud World|https://securityintelligence.com/posts/modern-data-security-architecture-building-hybrid-cloud/]]|Hybrid_Cloud|
|2020.11.12|//Netskope//|[[SASE and the Forces Shaping Digital Transformation Part 2: Organizational Culture & Adversaries and Threats|https://www.netskope.com/blog/sase-and-the-forces-shaping-digital-transformation-part-2-organizational-culture-adversaries-and-threats]] (2/3)|SASE|
|2020.11.12|//Qualys//|[[Securing Cloud and Container Workloads: A View From the Trenches|https://blog.qualys.com/product-tech/2020/11/12/securing-cloud-and-container-workloads-a-view-from-the-trenches]]|Containers|
|2020.11.12|//StackRox//|[[What is CNCF's CKS Exam and What is Covered?|https://www.stackrox.com/post/2020/11/what-is-cncf-certified-kubernetes-security-specialist-cks-exam-and-what-is-covered/]]|Certification Kubernetes|
|2020.11.12|//Fugue//|[[Sonatype and Fugue Partner to Shift Cloud Security Left and Ensure Continuous Policy Compliance|https://www.fugue.co/press/releases/sonatype-and-fugue-partner-to-shift-cloud-security-left-and-ensure-continuous-policy-compliance]]|Products|
|2020.11.12|//Fugue//| → [[Our Partnership with Sonatype: Securing the Modern Cloud Attack Surface|https://www.fugue.co/blog/fugue-and-sonatype]]|Products|
|2020.11.12|//Sonatype//| → [[Open Source and Cloud Security Together at Last|https://blog.sonatype.com/sonatype-and-fugue]]|Products|
|2020.11.12|//Darkbit//|[[Announcing OpenCSPM - An Open-Source Cloud Security Posture Management and Workflow Platform|https://darkbit.io/blog/announcing-opencspm]]|CSPM|
|>|>|>|!2020.11.11|
|2020.11.11|TL;DR Security|[[#60 - Cartography + IAM, Security Scorecard, Self-service Security|https://tldrsec.com/blog/tldr-sec-060/]] |Weekly_Newsletter|
|2020.11.11|SilverLining Podcast|![[Episode 28: Analyzing Cloud Attack Vectors - SaaS Marketplaces and Office 365 BEC|https://silverlining-il.castos.com/episodes/episode-28-analyzing-cloud-attack-vectors-saas-marketplaces-and-office-365-bec]] ([[mp3|https://episodes.castos.com/5e4aaf232467c1-76191533/silverlining-podcast-%D7%A2%D7%95%D7%A4%D7%A8-%D7%9E%D7%90%D7%95%D7%A8.mp3]]) |Podcast|
|2020.11.11|Computer Weekly|[[Microsoft consumer cloud outage blights Outlook.com and OneDrive users|https://www.computerweekly.com/news/252491909/Microsoft-consumer-cloud-outage-blights-Outlookcom-and-OneDrive-users]]|Outage|
|2020.11.11|Computer Weekly|[[How do VPN vs. cloud services compare for remote work?|https://searchnetworking.techtarget.com/answer/How-do-VPN-vs-cloud-services-compare-for-remote-work]]|WFH VPN|
|2020.11.11|Hack a Day|[[Linux Fu: Send in the (Cloud) Clones|https://hackaday.com/2020/11/10/linux-fu-send-in-the-cloud-clones/]]|Misc|
|2020.11.11|Zitai Chen|[[VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface|https://zt-chen.github.io/voltpillager/]] ([[pdf|https://www.usenix.org/system/files/sec21summer_chen-zitai.pdf]])|SGX Attacks|
|2020.11.14|The Register| → [[Stick a fork in SGX, it's done: Intel's cloud-server security defeated by $30 chip and electrical shenanigans|https://www.theregister.com/2020/11/14/intel_sgx_protection_broken/]]|SGX Attacks|
|2020.11.16|Security Week| → [[VoltPillager: New Hardware-Based Voltage Manipulation Attack Against Intel SGX|https://www.securityweek.com/voltpillager-new-hardware-based-voltage-manipulation-attack-against-intel-sgx]]|SGX Attacks|
|2020.11.11|Last Week in AWS|[[Why AWS Announces Regions in Advance|https://www.lastweekinaws.com/blog/why-aws-announces-regions-in-advance/]]|AWS Regions|
|2020.11.11|//pCloud//|[[Europeans don't trust US tech giants with their data|https://betanews.com/2020/11/11/europeans-dont-trust-us-tech-giants/]]|Survey|
|2020.11.12|CISO Mag| → [[Why Europeans Don't Trust U.S. Organizations with their Data|https://cisomag.eccouncil.org/why-europeans-dont-trust-u-s-organizations-with-their-data/]]|Survey|
|2020.11.11|Cloud Native Computing Foundation|[[The top Kubernetes APIs for cloud-native observability, part 1: the Kubernetes metrics, service, & container APIs|https://www.cncf.io/blog/2020/11/11/the-top-kubernetes-apis-for-cloud-native-observability-part-1-the-kubernetes-metrics-service-container-apis/]] (1/7)|K8s|
|2020.11.11|//Cloudonaut//|[[Comparing API Gateways on AWS|https://cloudonaut.io/comparing-api-gateways-on-aws/]]|APIs AWS|
|2020.11.11|//Build5Nines//|[[Fix Kubernetes Dashboard Strange 401 Unauthorized, 503 Service Unavailable Errors|https://build5nines.com/fix-kubernetes-dashboard-strange-401-unauthorized-503-service-unavailable-errors/]]|K8s|
|2020.11.11|//Rapid7//|[[2021 Detection and Response Planning, Part 4: Planning for Success with a Cloud SIEM|https://blog.rapid7.com/2020/11/11/2021-detection-and-response-planning-part-4-planning-for-success-with-a-cloud-siem/]]|SIEM|
|>|>|>|!2020.11.10|
|2020.11.10|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement d'IBM : Key Protect, Cloud HSM 7.0 et Hyper Crypto Services|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-dIBM-Key-Protect-Cloud-HSM-70-et-Hyper-Crypto-Services]]|Encryption IBM_Cloud|
|2020.11.10|Brian Christner|[[How to use Docker Security Scan Locally|https://brianchristner.io/how-to-use-docker-scan/]]|Docker Scan|
|2020.11.10|Forensics Focus|![[Best Strategies For Remote Collections Of Computer, Mobile And Cloud Data|https://www.forensicfocus.com/webinars/best-strategies-for-remote-collections-of-computer-mobile-and-cloud-data/]] ([[vidéo|https://www.youtube.com/watch?v=I0rCGRQTWZg]]) |Forensics|
|2020.11.10|DevOps|[[Achieve Cloud Resilience Through Systematic (and Chaotic) Testing|https://devops.com/achieve-cloud-resilience-through-systematic-and-chaotic-testing/]]|Testing Resilience|
|2020.11.10|Container Journal|[[Using Machine Learning and Kubernetes Logs to Automate Security Threat Detection|https://containerjournal.com/topics/container-security/using-machine-learning-and-kubernetes-logs-to-automate-security-threat-detection/]]|K8s Detection|
|2020.11.10|CSO Online|[[Developing a multicloud security strategy|https://www.csoonline.com/article/3587799/developing-a-multicloud-security-strategy.html]]|Multicloud|
|2020.11.10|CSO Online|[[Cloud Security Topics: Using Network Threat Protection to Decrease Vulnerability|https://www.csoonline.com/article/3591583/cloud-security-topics-using-network-threat-protection-to-decrease-vulnerability.html]]|Network Protection|
|2020.11.10|GBHackers On Security|[[A Hacker's Perspective: How Easy it is to Steal Data Through Consumer Cloud Services|https://gbhackers.com/a-hackers-perspective-how-easy-it-is-to-steal-data-through-consumer-cloud-services/]]|Threats|
|2020.11.10|//Fairwinds//|![[Kubernetes Maturity Model|https://www.fairwinds.com/kubernetes-maturity-model]] |K8s Maturity|
|2020.11.10|//Fairwinds//| → [[Fairwinds Introduces Industry-First End-to-End Kubernetes Maturity Model|https://vmblog.com/archive/2020/11/10/fairwinds-introduces-industry-first-end-to-end-kubernetes-maturity-model.aspx]]|K8s Maturity|
|2020.11.10|//Duo Security//|[[2020 Duo Trusted Access Report|https://duo.com/resources/ebooks/the-2020-duo-trusted-access-report]]|Report|
|2020.11.10|Dark Reading| → [[Cloud Usage, Biometrics Surge As Remote Work Grows Permanent|https://www.darkreading.com/threat-intelligence/cloud-usage-biometrics-surge-as-remote-work-grows-permanent/d/d-id/1339413]]|Report|
|2020.11.10|//StakRox//|[[OpenShift Networking and Cluster Access Best Practices|https://www.stackrox.com/post/2020/11/openshift-networking-and-cluster-access-best-practices/]] (2/5)|Openshift Best_Practices|
|2020.11.10|//Webroot//|[[Getting to Know Cloudjacking and Cloud Mining Could Save Your Business|https://www.webroot.com/blog/2020/11/10/getting-to-know-cloudjacking-and-cloud-mining-could-save-your-business/]]|Attacks|
|2020.11.10|//TechGenix//|[[Cloud-jacking: An evolving and dangerous cybersecurity threat|http://techgenix.com/cloud-jacking/]]|Threats|
|2020.11.10|//Crowdstrike//|[[Blind Spots in the Cloud|https://www.crowdstrike.com/blog/beware-blind-spots-in-the-cloud/]]|Visibility AWS GCP|
|2020.11.10|//Lacework//|[[Meet Muhstik - IoT Botnet Infecting Cloud Servers|https://www.lacework.com/meet-muhstik-iot-botnet-infecting-cloud-servers/]]|Botnet Attacks|
|2020.11.11|Bleeping Computer| → [[Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal|https://www.bleepingcomputer.com/news/security/chinese-linked-muhstik-botnet-targets-oracle-weblogic-drupal/]]|Botnet Attacks|
|2020.11.10|//OpenText//|[[OpenText brings Digital Investigation to the Cloud with Microsoft Azure|https://vmblog.com/archive/2020/11/10/opentext-brings-digital-investigation-to-the-cloud-with-microsoft-azure.aspx]]|Azure Forensics|
|2020.11.10|//Divvy Cloud//|[[Amazon Web Services Identity and Access Management, by the Numbers|https://divvycloud.com/how-divvycloud-by-rapid-7-keeps-customer-clouds-out-of-the-news/]]|AWS IAM|
|2020.11.10|//Help Net security//|[[Remove excessive cloud permissions with CyberArk Cloud Entitlements Manager|https://www.helpnetsecurity.com/2020/11/10/cyberark-cloud-entitlements-manager/]]|Products CyberArk|
|2020.11.10|//BusinessWire//|[[Zix Acquires Leading Cloud-Based Backup and Recovery Provider CloudAlly|https://www.businesswire.com/news/home/20201109005607/en/Zix-Acquires-Leading-Cloud-Based-Backup-and-Recovery-Provider-CloudAlly]]|Acquisition|
|2020.11.10|MSSP Alert| → [[Zix Acquires CloudAlly for $30M; Converges Email Security and Cloud Backup|https://www.msspalert.com/investments/zix-acquires-cloudally-for-30m-converges-email-security-and-cloud-backup/]]|Acquisition|
|2020.11.10|//Anchore//|[[Enforcing the DoD Container Image and Deployment Guide with Anchore Federal|https://anchore.com/blog/enforcing-the-dod-container-image-and-deployment-guide-with-anchore-federal/]]|DevSecOps Containers|
|2020.11.10|//Weave Works//|[[Part 2 - Distributed Systems, Disaster Recovery and GitOps|https://www.weave.works/blog/part-2-distributed-systems-disaster-recovery-and-gitops]] (2/2)|DRP GitOps|
|>|>|>|!2020.11.09|
|2020.11.09|Bleeping Computer|[[Fake Microsoft Teams updates lead to Cobalt Strike deployment|https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/]]|Teams Attacks|
|2020.11.09|DC Velocity|[[8 Valuable Tips for Securing your Data on the Cloud in 2020|https://www.dcvelocity.com/articles/47909-8-valuable-tips-for-securing-your-data-on-the-cloud-in-2020]]|Tips|
|2020.11.09|Le Mag IT[>img[iCSF/flag_fr.png]]|[[OVHcloud en route pour devenir l'alternative européenne à AWS|https://www.lemagit.fr/actualites/252491753/OVHcloud-en-route-pour-devenir-lalternative-europeenne-a-AWS]]|OVHcloud GCP Europe|
|2020.11.09|Silicon[>img[iCSF/flag_fr.png]]|[[OVHcloud : un levier souverain pour Google Cloud en Europe|https://www.silicon.fr/ovhcloud-levier-souverain-google-cloud-europe-351107.html]]|OVHcloud GCP Europe|
|2020.11.10|Computer Weekly| → [[Google and OVHcloud to bring co-built cloud services to European enterprises|https://www.computerweekly.com/news/252491823/Google-and-OVHcloud-to-bring-co-built-cloud-services-to-European-enterprises]]|OVHcloud GCP Europe|
|2020.11.11|The Register| → [[Cutting the ties: European hosting provider OVHCloud to offer Google Anthos, no Google account needed|https://www.theregister.com/2020/11/11/european_hosting_provider_ovhcloud_will/]]|OVHcloud GCP Europe|
|2020.11.09|Sami Lamppu|[[Send Azure AD Identity Protection Events To 3rd Party SIEM|https://samilamppu.com/2020/11/09/send-azure-ad-identity-protection-events-to-3rd-party-siem/]]|AzureAD SIEM|
|2020.11.09|Security and Cloud 24/7|[[Why not just have DevOps without the Sec?|https://security-24-7.com/why-not-just-have-devops-without-the-sec/]]|DevSecOps|
|2020.11.09|OWASP|[[Update Docker_Security_Cheat_Sheet.md|https://github.com/OWASP/CheatSheetSeries/pull/505]]|Docker|
|2020.11.09|Homeland Security Newswire|[[Cloud-Based Framework Improves Efficiency in Disaster-Area Management|http://www.homelandsecuritynewswire.com/dr20201109-cloudbased-framework-improves-efficiency-in-disasterarea-management]]|Misc|
|2020.11.09|//Le Mag IT//[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement de Microsoft : Azure Key Vault|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-de-Microsoft-Azure-Key-Vault]]|Encryption Azure|
|2020.11.09|//Alcide//|[[Kubernetes Security Is Not Container Security|https://blog.alcide.io/kubernetes-security-is-not-container-security]]|K8s|
|2020.11.09|//Threatpost//|[[Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak|https://threatpost.com/millions-hotel-guests-worldwide-data-leak/161044/]]|Data_Leak|
|2020.11.06|Web Site Planet| ← ''[[Report: Hotel Reservation Platform Leaves Millions of People Exposed in Massive Data Breach|https://www.websiteplanet.com/blog/prestige-soft-breach-report/]]''|Data_Leak|
|2020.11.09|InfoSecurity Mag| → [[Hotel Booking Firm Leaks Data on Millions of Guests|https://www.infosecurity-magazine.com/news/hotel-booking-firm-leaks-data/]]|Data_Leak|
|2020.11.10|Graham Cluley| → [[Millions of hotel guests worldwide have their private details exposed|https://grahamcluley.com/hotel-software-data-breach/]]|Data_Leak|
|2020.11.10|Secure Thoughts| → [[Hosting Provider Exposed 63M Records incl. WP & Magento|https://securethoughts.com/hosting-provider-exposed-63-million-customer-records/]]|Data_Leak|
|2020.11.10|Dark Reading| → [[Hotels.com & Expedia Provider Exposes Millions of Guests' Data|https://www.darkreading.com/cloud/hotelscom-and-expedia-provider-exposes-millions-of-guests-data/d/d-id/1339407]]|Data_Leak|
|2020.11.10|Silicon Angle| → [[10M+ hotel reservations found exposed on misconfigured cloud storage|https://siliconangle.com/2020/11/09/10m-hotel-reservations-found-exposed-misconfigured-cloud-storage/]]|Data_Leak|
|2020.11.10|Computer Weekly| → [[Leaky AWS S3 bucket once again at centre of data breach|https://www.computerweekly.com/news/252491842/Leaky-AWS-S3-bucket-once-again-at-centre-of-data-breach]]|Data_Leak|
|2020.11.11|Bit Defender| → [[Hotel Reservation Platform Leaks 7 Years' Worth of Customer Records, Exposes Millions to Fraud and Extortion|https://hotforsecurity.bitdefender.com/blog/hotel-reservation-platform-leaks-7-years-worth-of-customer-records-exposes-millions-to-fraud-and-extortion-24511.html]]|Data_Leak|
|2020.11.09|//XM Cyber//|[[Top 4 Hybrid Cloud Security Challenges|https://www.xmcyber.com/top-4-hybrid-cloud-security-challenges/]]|Hybrid_Cloud|
|>|>|>|!|
|2020.11.06|EY Canada|[[EY Canada welcomes IDMSense to the firm to enhance Digital Identity solutions for clients|https://www.ey.com/en_ca/news/2020/11/ey-canada-welcomes-idmsense-to-the-firm-to-enhance-digital-identity-solutions-for-clients]]|Acquisition|
|2020.11.09|MSSP Alert| → [[Ernst & Young Acquires Cloud Identity Management Company IDMSense|https://www.msspalert.com/investments/ernst-young-buys-idmsense/]]|Acquisition|
|2020.11.13|//Cloudcheckr//|[[How to Build Your Secure Cloud Architecture|https://cloudcheckr.com/cloud-security/build-secure-public-cloud-architecture/]]|Architecture|
|2020.11.12|JD Supra Law|[[Minimizing Risk with Amazon Web Services|https://www.jdsupra.com/legalnews/minimizing-risk-with-amazon-web-services-78005/]]|AWS Risks|
|2020.11.12|//RhinoSecurity Labs//|[[CloudGoat ECS_EFS_Attack Walkthrough - Introduction to Simulated AWS Attacks|https://rhinosecuritylabs.com/cloud-security/cloudgoat-aws-ecs_efs_attack/]]|AWS|
|2020.11.12|//Security Intelligence//|[[Data Security: Building for Today's Hybrid Cloud World|https://securityintelligence.com/posts/modern-data-security-architecture-building-hybrid-cloud/]]|Hybrid_Cloud|
|2020.11.11|//pCloud//|[[Europeans don't trust US tech giants with their data|https://betanews.com/2020/11/11/europeans-dont-trust-us-tech-giants/]]|Survey|
|2020.11.12|CISO Mag| → [[Why Europeans Don't Trust U.S. Organizations with their Data|https://cisomag.eccouncil.org/why-europeans-dont-trust-u-s-organizations-with-their-data/]]|Survey|
|2020.11.11|//Cloudonaut//|[[Comparing API Gateways on AWS|https://cloudonaut.io/comparing-api-gateways-on-aws/]]|APIs AWS|
|2020.11.11|//Rapid7//|[[2021 Detection and Response Planning, Part 4: Planning for Success with a Cloud SIEM|https://blog.rapid7.com/2020/11/11/2021-detection-and-response-planning-part-4-planning-for-success-with-a-cloud-siem/]]|SIEM|
|2020.11.10|DevOps|[[Achieve Cloud Resilience Through Systematic (and Chaotic) Testing|https://devops.com/achieve-cloud-resilience-through-systematic-and-chaotic-testing/]]|Testing Resilience|
|2020.11.10|CSO Online|[[Cloud Security Topics: Using Network Threat Protection to Decrease Vulnerability|https://www.csoonline.com/article/3591583/cloud-security-topics-using-network-threat-protection-to-decrease-vulnerability.html]]|Network Protection|
|2020.11.10|GBHackers On Security|[[A Hacker's Perspective: How Easy it is to Steal Data Through Consumer Cloud Services|https://gbhackers.com/a-hackers-perspective-how-easy-it-is-to-steal-data-through-consumer-cloud-services/]]|Threats|
|2020.11.10|//StakRox//|[[OpenShift Networking and Cluster Access Best Practices|https://www.stackrox.com/post/2020/11/openshift-networking-and-cluster-access-best-practices/]] (2/5)|Openshift Best_Practices|
|2020.11.10|//OpenText//|[[OpenText brings Digital Investigation to the Cloud with Microsoft Azure|https://vmblog.com/archive/2020/11/10/opentext-brings-digital-investigation-to-the-cloud-with-microsoft-azure.aspx]]|Azure Forensics|
|2020.11.10|//Divvy Cloud//|[[Amazon Web Services Identity and Access Management, by the Numbers|https://divvycloud.com/how-divvycloud-by-rapid-7-keeps-customer-clouds-out-of-the-news/]]|AWS IAM|
|2020.11.10|//Help Net security//|[[Remove excessive cloud permissions with CyberArk Cloud Entitlements Manager|https://www.helpnetsecurity.com/2020/11/10/cyberark-cloud-entitlements-manager/]]|Products CyberArk|
|2020.11.09|Sami Lamppu|[[Send Azure AD Identity Protection Events To 3rd Party SIEM|https://samilamppu.com/2020/11/09/send-azure-ad-identity-protection-events-to-3rd-party-siem/]]|AzureAD SIEM|
|2020.11.09|//XM Cyber//|[[Top 4 Hybrid Cloud Security Challenges|https://www.xmcyber.com/top-4-hybrid-cloud-security-challenges/]]|Hybrid_Cloud|
<<tiddler [[arOund0C]]>>
/%
Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data|https://edpb.europa.eu/our-work-tools/public-consultations-art-704/2020/recommendations-012020-measures-supplement-transfer_en
Start Date: 11 November 2020 End Date: 21 December 2020 Public consultation reference: R01/2020 Status: Open for feedback 
https://edpb.europa.eu/sites/edpb/files/consultation/edpb_recommendations_202001_supplementarymeasurestransferstools_en.pdf
https://edpb.europa.eu/sites/edpb/files/consultation/edpb_recommendations_202001_supplementarymeasurestransferstools_en.pdf

|2020.11.11|//Microsoft Azure//|[[AWS to Azure services comparison|https://docs.microsoft.com/en-us/azure/architecture/aws-professional/services]]|Azure AWS|
|2020.11.10|//Webroot//|[[Getting to Know Cloudjacking and Cloud Mining Could Save Your Business|https://www.webroot.com/blog/2020/11/10/getting-to-know-cloudjacking-and-cloud-mining-could-save-your-business/]]|Cloud_Jacking Cloud_Mining|
|2020.10.11|//CodeBurst//|[[VPC Networking: GCP v.s. AWS|https://codeburst.io/vpc-networking-gcp-v-s-aws-77a80bc7cfe2]]|VPC GCP AWS|
|2020.09.26|//CodeBurst//|[[Microservices Starter Kit|https://codeburst.io/microservices-starter-kit-17fcc7c53899]] ([[code|https://github.com/larkintuckerllc/starter-kit]])|Microservices|
|2020.09.11|//CodeBurst//|[[Kubernetes Dynamic Admission Control by Example|https://codeburst.io/kubernetes-dynamic-admission-control-by-example-d8cc2912027c]] ([[code|https://github.com/larkintuckerllc/hello-dynamic-admission-control]])|Kubernetes Access_Control|
|2020.09.01|//CodeBurst//|[[Automating Kubernetes Best Practices|https://codeburst.io/automating-kubernetes-best-practices-7a8276ff7b08]]|K8s Best_Practices|
|2020.08.26|//CodeBurst//|[[The AWS Client VPN Federated Authentication Missing Example|https://codeburst.io/the-aws-client-vpn-federated-authentication-missing-example-655e0a1ff7f4]]|AWS VPN Authentication|
|2020.08.21|//CodeBurst//|[[Missing the Point in Securing OAuth 2.0|https://codeburst.io/missing-the-point-in-securing-oauth-2-0-83968708b467]]|OAuth|
|2020.08.20|//CodeBurst//|[[OpenID Connect Client by Example|https://codeburst.io/openid-connect-client-by-example-76caf6dae55e]]|OpenID|
|2020.08.13|//CodeBurst//|[[Amazon CloudWatch Metrics By Example|https://codeburst.io/amazon-cloudwatch-metrics-by-example-249826b1404d]]|AWS CloudWatch|
|2020.08.09|//CodeBurst//|[[AWS: Delegating Access Control with Confidence|https://codeburst.io/aws-delegating-access-control-with-confidence-10b8dd83fd83]]|AWS Access_Control|
|2020.07.12|//CodeBurst//|[[AWS EKS Authentication with OpenID Connect by Example|https://codeburst.io/aws-eks-authentication-with-openid-connect-by-example-70b1989e689b]]|AWS EKS|
|2020.07.09|Portail de l'IE[>img[iCSF/flag_fr.png]]|![[GAIA-X, le cloud franco-allemand qui veut poser les bases de la souveraineté numérique européenne|https://portail-ie.fr/analysis/2420/gaia-x-le-cloud-franco-allemand-qui-veut-poser-les-bases-de-la-souverainete-numerique-europeenne]] |GAIA-X|
|2020.06.23|//CodeBurst//|[[AWS Attribute Based Access Control (ABAC) By Example|https://codeburst.io/aws-attribute-based-access-control-abac-by-example-4dffabed40a4]]|AWS ABAC|
|2020.06.04|Economie.Gouv.Fr[>img[iCSF/flag_fr.png]]|![[Concrétisation du projet "GAIA-X", une infrastructure européenne de données|https://www.economie.gouv.fr/concretisation-projet-gaia-x-infrastructure-europeenne-donnees]] ([[Comuniqué|https://minefi.hosting.augure.com/Augure_Minefi/r/ContenuEnLigne/Download?id=455CDCF3-24F8-42BB-B9C7-8837AED20249&filename=2186%20CP%20conjoint%20franco-allemand%20-%20infrastructure%20de%20donn%C3%A9es%20GAIA%20X.pdf]])|GAIA-X|
|2020.02.21|Blocks & Files|[[Commvault looms large on hybrid cloud data protection radar screen|https://blocksandfiles.com/2020/02/21/gigaom-puts-hybrid-cloud-data-protection-on-the-radar/]]|Hybrid_Cloud|
|2019.03.21|Kubernetes|[[A Guide to Kubernetes Admission Controllers|https://kubernetes.io/blog/2019/03/21/a-guide-to-kubernetes-admission-controllers/]]|K8s Access_Control|
|2019.02.19|Gouvernement.Fr|[[Franco-German Manifesto|https://www.gouvernement.fr/en/a-franco-german-manifesto-for-a-european-industrial-policy-fit-for-the-21st-century]]|GAIA-X|
|2018.06.22|Portail de l'IE[>img[iCSF/flag_fr.png]]|[[Cloud Act, l'offensive américaine pour contrer le RGPD|https://portail-ie.fr/analysis/1902/cloud-act-loffensive-americaine-pour-contrer-le-rgpd]]|CLOUD_Act GDPR|
|2017.12.18|//Tripwire//|[[Preventing Yet Another AWS S3 Storage Breach|https://www.tripwire.com/state-of-security/featured/preventing-yet-another-aws-s3-storage-breach-with-tripwire/]]|AWS Storage Prevention|
Although CSA-FR has relied on what it regards as reliable sources while compiling the content herein, CSA-FR cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by CSA-FR in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
%/
!"//Seven Steps to defining the art of the possible in DevOps//"
[>img(150px,auto)[iCSA/KBEBS.png]]Article de blog publié le 14 novembre 2020 • Rédigé par Craig Thomas, Chapitre Washington DC de la CSA et VP of Engineering chez C2 Labs
<<<
//We all love buzzwords, and one over the last couple/few years has been DevOps. What in the world does it mean? I have talked to people that think it means Agile/SCRUM methodology, while others think it is just Docker containers. To some people it is just scripts to manage their network infrastructure and Linux servers, and to others it is a Continuous Integration/Continuous Deployment (CI/CD) pipeline using git repositories. Wikipedia says+++^*[»] https://en.wikipedia.org/wiki/DevOps ===:
|"DevOps is a set of practices that combines software development (Dev) and IT operations (Ops). It aims to shorten the systems development life cycle and provide continuous delivery with high software quality. DevOps is complementary with Agile software development; several DevOps aspects came from Agile methodology." |
So which one is right?? As we work internally and with clients, I believe the best definition for me is a set of practices, techniques, and tools that make automation a reality. So, that may be Ansible/Chef/Puppet checking and setting configuration servers on infrastructure, Linux, and Windows servers. It is also the software development process. At the end of the day, it is looking at what is possible and putting it into action using the appropriate tools.

So, now we have the age old "tools discussion." It is a holy war. But I would say don't start there. Instead do this:
# Whiteboard out exactly what you want to do.
# Ask why. A LOT. Use the Five Whys+++^*[»] https://en.wikipedia.org/wiki/Five_whys === method to get to the root cause of existing problems with your businesses processes
# Take an inventory of your current tools, especially ones that already have agents installed or proper permissions
# Get and use a source code repository
# Start simple and modular, allowing for code/technique reuse
# RUTHLESSLY ELIMINATE all manual steps wherever possible
# Refactor and look for efficiencies.
# Rinse and repeat
So, what are some examples? To get you thinking, below are a couple of DevOps projects that we have successfully completed:

''EXAMPLE 1 - CI/CD Pipeline for Software Deployment''
This one is pretty "standard," but saves a ton of time and leverages several stages/additional pipelines throughout the process. Reach out and we can go into more details, but here are the high level pieces:
# Developer submits a PR (GitHub) or Merge Request (GitLab) to the "dev" branch of an Angular/.NET web application.
# Run .NET unit tests and report these results back to the GitHub PR
# Run Angular unit tests and report these results back to the GitHub PR
# Build a Docker Container
# Push it to Docker Hub or another container repository tagged with the commit hash
# Run an npm audit against the installed npm packages and report these results back to the GitHub PR
# Run container vulnerability scanning against the built container and report these results back to the GitHub PR
# Analyze the static code and publish the results to Sonarqube tool (i.e. for Quality or Section 508 issues)
The person approving the PR then has relevant data/results to view in addition to just looking at code. If he/she approves the PR, then the following happens:
# Download the latest Secrets and ConfigMap (environment variables) and deploy them to Kubernetes
# Update the image of the running pod in the DEV namespace of Kubernetes with the newly built image/commit hash
# Run Cucumber tests against DEV for basic smoke tests and other test cases
# Publish the Cucumber report to the pipeline
Now the app is up and running in DEV with nothing being done manually outside of the normal PR approval process. Developers and decision makers see more data to make more informed decisions. This approach lowers costs by eliminating manual labor, improves software quality, and ensure security vulnerabilities do not escape to production. This pipeline then continues all the way through to Production and releases for customers.

''EXAMPLE 2 - Extending This Pipeline''
So, how can we take this even further? Our software can run in a Docker container, but it also can be deployed using a standalone virtual appliance. We leverage the above pipelines to assist with this as well:
# A release tag is created in GitHub
# The release pushes the production container to Docker Hub for customers to deploy/update
# This process also creates a release in our Appliance pipeline
# This pipeline gets the release version as an input variable
# It updates the necessary files in its git repository
# It spins up a custom Linux box to do the build running in Azure/AWS/wherever
# It builds the appliance, creating an ISO
# It automatically uploads this ISO to an Azure Blob which is referenced from a URL or website
# It shuts down the Linux box to save compute costs within Azure/AWS
All this occurs once again from a single action of an authorized individual: creating a release in GitHub. Everything is 100% automated with the only thing required is a simple governance process to approve the release.

I hope this gave you a couple ideas of how DevOps can benefit you. The purpose of DevOps is putting automation into action. Ruthlessly eliminate every manual step possible. //
<<<

__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/11/14/seven-steps-to-defining-the-art-of-the-possible-in-devops/ 
!"//California Privacy Rights Act: What Are the Consequences for Cloud Users?//"
[>img(150px,auto)[iCSA/KBDBC.jpg]]Article de blog publié le 13 novembre 2020 • Rédigé par Francoise Gilbert, DataMinding, Inc.
<<<
//California voters approved Proposition 24 on November 3, 2020, paving the way to the California Privacy Rights Act (CPRA), which, on January 1, 2023, will replace California's current data protection law, the California Consumer Privacy Act (CCPA). CPRA slightly reshapes CCPA, creating additional rights for consumers and additional obligations and restrictions for businesses related to the use of consumer's personal information, including limits to data collection and retention, among other.

''Most of CPRA will become operative on January 1, 2023''. The law will apply to personal information collected after January 1, 2022. There will be a 6-month delay between the effective date of the act and its enforcement, with enforcement actions commencing on July 1, 2023. In the meantime, CCPA will remain in full force and effect.

''Like CCPA, CPRA has significant implications for the cloud ecosystem, and it affects both providers and users of cloud services''. Users of cloud services will want to ensure that the cloud service they receive is built to enable their business to comply with its CCPA/CPRA obligations. Cloud service providers will want to anticipate the needs of their customers so that they can develop the appropriate tools and procedures, and warrant that the service they provide contains the features necessary for their customers to meet their CPRA obligations.

''Among other things CPRA:''
* Revises some of the definitions currently existing in CCPA; especially the definition of "business" and "sale", and defines new terms, such as "sensitive personal information" and "sharing";
* Increases security requirements with the addition of audits and assessments for businesses whose processing present a significant risk to consumers' privacy and security;
* Creates additional limitations and contractual requirements for service providers and contractors;
* Introduces several new concepts that are similar to those found in most modern data protection laws, worldwide; such as data minimization or retention limitation;
* Expands consumer rights with respect to their personal information; such as right to correction, or right to object to the use of automated decision making and profiling;
* Introduces the notion of "sharing" personal information; clarifying the difference between selling and sharing;
* Sets forth stringent limitations to cross-context behavioral targeting;
* Increases penalties for violations related to the personal information of children under 16;
* Creates a new agency responsible for enforcing the CPRA; and
* Extends the CCPA exemptions for B2B and Employee data

For a more detailed analysis of the CPRA see our post here+++^*[»] https://www.dataminding.com/meet-the-upcoming-california-privacy-rights-act-cpra/ === //
[...] Lire la suite sur le blog de la CSA.
<<<

__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/11/13/california-privacy-rights-act-what-are-the-consequences-for-cloud-users/ 
[>img(300px,auto)[iCSF/KBGCF.png]]La 32ème conférence anuelle du FIRST (Forum of Incident Response and Security Teams) devait initialement se dérouler du 22 au 26 juin 2020 à Montréal.
Elle s'est transformée en une conférence en ligne les après-midis du lundi 16 au mercredi 18 novembre 2020.
Cette conférence est LA référence en matière de gestion d'incidents depuis les années 90 : elle couvre aussi des aspects tels que la Threat Intelligence, la détection et la prévention des attaques, la cyber-résilience, les aspects d'organisation et de maturité.

[>img(300px,auto)[iCSF/FIRST.png]]Seules 4 sessions traitent des aspects Cloud et Sécurité :
* ''Cyberespionage: Targeted Attacks Abusing Third-Party Cloud Services''
** Pré-enregistré et déjà disponible
** Intervenants : Daniel Lunghi (Trend Micro), Jaromir Horejsi (Trend Micro)
* ''Product Security: Education and Prevention through Root Cause Analysis in Secure Software Development Lifecycle''
** le 17 novembre de 14h à 14h30
** Intervenants : Stuart Short (SAP), Shipra Aggarwal (SAP)
* ''The Intelligent Process Lifecycle of Active Cyber Defenders''
** le 17 novembre de 14h35 à 15h05
** Intervenants : Desiree Sacher (Finanz Informatik), Eireann Leverett (Airbus)
* ''The Phish Pandemonium: The Value of Machine Learning to Extract Insights from Phishing URLs''
** le 18 novembre de 15h10 à 15h40
** Intervenants : Joy Nathalie Avelino (Trend Micro), Karla Agregado (Trend Micro)

__Liens :__
* Site de la conférence → https://www.first.org/conference/2020/
* Incriptions → https://www.first.org/conference/2020/registration
* Programme → https://www.first.org/conference/2020/sessions
* Sessions pré-enregistrées → https://www.first.org/conference/2020/on-demand
<<tiddler [[arOund0C]]>>
!"//Key Management when using Cloud Services//"
[>img(150px,auto)[iCSA/KB9PK.jpg]]Publication du 9 novembre 2020 //
<<<
!!Cloud Security Alliance Releases Key Management in Cloud Services: Understanding Encryption's Desired Outcomes and Limitations
__Document illustrates use of four key management patterns with cloud services, provides usage recommendations for managing data privacy, security expectations__
SEATTLE - Nov. 9, 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released 'Key Management in Cloud Services: Understanding Encryption's Desired Outcomes and Limitations'+++^*[»] https://cloudsecurityalliance.org/artifacts/key-management-when-using-cloud-services ===, which examines both the uses and misconceptions of key management systems (KMS), which are used to manage cryptographic keys and their metadata. This guidance provides recommendations for using KMS in conjunction with cloud services to aid in meeting security and compliance requirements. It also makes suggestions for cloud service providers that provide key management functionality to customers.
"KMS is a means to an end, not an end in itself. While the capabilities it enables are tools that must serve business needs, it's imperative that we also recognize that KMS and encryption cannot address all business requirements," said Paul Rich, co-chair of the Cloud Key Management working group and one of the paper's lead authors. "Misconceptions about the capabilities of encryption persist, and regulatory requirements for key management and encryption are commonly unclear, undefined, or poorly understood. It's critical, therefore, that we not only understand the desired business outcomes of using encryption to protect data, but its limitations, as well."
Increasingly, organizations are realizing the many advantages that come from the cloud, including technological agility, elastic scale, speed to market, and lowered capital expenditures. Despite the benefits, cloud services also present challenges, particularly in terms of data privacy and security. The reason for this is that while encryption, as a technology, is used for secrecy/privacy in the transmission and storage of data, it's not the only technology used for this purpose - there are many cases where the use of encryption can be pointless, costly, and provide a false sense of security. Once encryption is established as a required or recommended piece of a technology architecture, it's crucial to understand the dynamics of encryption key generation, distribution, handling, and destruction.
Written by CSA's Cloud Key Management working group, the document examines the four primary cloud key management patterns that have emerged over the past decade, providing a snapshot of their attributes and challenges, as well as usage recommendations for:
* Cloud Native Key Management System. Here, KMS is built and owned by the same provider that delivers the cloud service the customer consumes, and all components of the KMS are in the cloud.
* External Key Origination. This pattern builds upon the Cloud Native model above, allowing for key generation ceremonies that originate with an external KMS.
* Cloud Service Using External Key Management System. The use of a cloud service where the KMS is hosted entirely external to the cloud service, either wholly on the customer's premises, wholly hosted by a third party chosen by the customer, or a combination of the two
* Multi-Cloud Key Management Systems. This pattern illustrates the ability to blend approaches for KMS implementations and cloud services.
"Understanding the organization's obligations and goals for data privacy and security should be the precursor to any technological solution or implementation, and that includes the use of encryption. A great deal of human energy and time has been wasted implementing encryption, where the outcome failed to deliver the expected data privacy or security. Establishing clear business and data privacy and security expectations can prevent some unpleasant outcomes," said Mike Schrock, Senior Director Global Business Development - Cloud Strategy for the Thales Group, lead author and co-chair of the Cloud Key Management working group.
//[...]//
<<<
!!!Introduction
> //The purpose of this document is to provide guidance for using Key Management Systems (KMS) with cloud services, whether the key management system is native to a cloud platform, external, self-operated, or yet another cloud service. Recommendations will be given to aid in determining which forms of key management systems are appropriate for different use cases.//
!!!Liens
* Annonce ⇒ https://cloudsecurityalliance.org/press-releases/2020/11/09/cloud-security-alliance-releases-key-management-in-cloud-services-understanding-encryption-s-desired-outcomes-and-limitations/
* Téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/key-management-when-using-cloud-services
* Document (PDF) ⇒ https://cloudsecurityalliance.org/download/artifacts/key-management-when-using-cloud-services/
!"//What is cloud security? How is it different from traditional on-premises network security?//"
[>img(150px,auto)[iCSA/KB9BW.jpg]]Article de blog publié le 9 novembre 2020 • Rédigé par Ryan Bergsma, Training Director, CSA
<<<
//Cloud is also becoming the back end for all forms of computing, including the ubiquitous Internet of Things+++^*[»] https://cloudsecurityalliance.org/artifacts/future-proofing-the-connected-world/ === and is the foundation for the information security industry. New ways of organizing compute, such as containerization+++^*[»] https://cloudsecurityalliance.org/artifacts/best-practices-for-implementing-a-secure-application-container-architecture/ === and DevOps+++^*[»] https://cloudsecurityalliance.org/artifacts/six-pillars-of-devsecops/ === are inseparable from cloud and accelerating the digital revolution.
So what is cloud security? How is security for cloud computing different from on-premise security? In this blog I'll attempt to answer those two questions.
(To learn more about best practices for securing a cloud environment read the CSA Security Guidance for Cloud Computing.)
!!What makes cloud computing unique from other forms of computing?
[>img(400px,auto)[iCSA/KB9B1.png]]There are many different ways of viewing cloud computing: It's a technology, a collection of technologies, an operational model, and a business model, just to name a few. Essentially cloud computing is a new operational model that combines the benefits of abstraction (virtualization) and automation (orchestration) for new ways of delivering and consuming technology. Cloud separates application and information resources from the underlying infrastructure and the mechanisms used to deliver them. Cloud describes the use of collection of services, applications, information and infrastructure comprised of pools of compute, network, information, and storage resources. Cloud provides an on-demand model of allocation and consumption.
Essential characteristics of Cloud Computing, service models and deployment models are all depicted in the following graph.
!!What are the differences between on-premise and cloud security?
There are security benefits to using cloud since cloud providers have significant economic incentives to protect customers. However, these benefits only appear if you understand and adopt cloud-native models and adjust your architectures and controls to align with the features and capabilities of cloud platforms. In fact, taking an existing application or asset and simply moving it to a cloud provider without any changes will often reduce agility, resiliency, and even security, all while increasing costs.
!!Cloud is primarily developer-driven.
Compared to on-premise security, cloud is primarily developer-driven. Every provider is fundamentally different at the lowest possible levels and old patterns are now new antipatterns. Often you will have things that look the same in the cloud but they are most definitely not the same. (For example: is a cloud route table the same as the one on your routers? The answer is no.)
!!The key difference between cloud and traditional computing is the metastructure.
At a high level, both cloud and traditional computing adhere to the following logical model that helps identify different layers based on functionality: infrastructure, metastructure, infostructure and applistructure. However cloud metastructure includes the management plane components, which are network-enabled and remotely accessible.
In the cloud, you tend to double up on each layer. Infrastructure, for example, includes both the infrastructure used to create the cloud as well as the virtual infrastructure used and managed by the cloud user. In private cloud, the same organization might need to manage both; in public cloud the provider manages the physical infrastructure while the consumer manages their portion of the virtual infrastructure. As we discuss further in the CSA Security Guidance v4+++^*[»] https://cloudsecurityalliance.org/research/guidance/ === this has profound implications on who is responsible for, and manages, security. These layers tend to map to different teams, disciplines, and technologies commonly found in IT organizations.
Cloud differs extensively from traditional computing within each layer of the meta structure. While the most obvious and immediate security management differences are in metastructure, cloud differs extensively from traditional computing within each layer. The scale of the differences will depend not only on the cloud platform, but on how exactly the cloud user utilizes the platform.
!!Cloud security scope and responsibilities change
[>img(400px,auto)[iCSA/KB9B2.png]]It might sound simplistic, but cloud security and compliance includes everything a security team is responsible for today, just in the cloud. All the traditional security domains remain, but the nature of risks, roles and responsibilities, and implementation of controls change, often dramatically. Though the overall scope of security and compliance doesn't change, the pieces any given cloud actor is responsible for most certainly do.
Think of it this way: Cloud computing is a shared technology model where different organizations are frequently responsible for implementing and managing different parts of the stack. As a result, security responsibilities are also distributed across the stack, and thus across the organizations involved. This is commonly referred to as the shared responsibility model. Think of it as a responsibility matrix that depends on the particular cloud provider and feature/product, the service model, and the deployment model.
Below is a graphical representation showing how responsibilities change depending on the cloud model (public, private or hybrid).
!!Common security pain points in cloud computing.
[>img(400px,auto)[iCSA/KB9B3.png]]The following 13 domains which comprise the CSA Security Guidance highlight areas of concern for cloud computing and are tuned to address both the strategic and tactical security "pain points" within a cloud environment, and can be applied to any combination of cloud service and deployment model.
The domains are divided into two broad categories: governance and operations. The governance domains are broad and address strategic and policy issues within a cloud computing environment, while the operational domains focus on more tactical security concerns and implementation within the architecture. You can read these best practices for free by downloading the CSA Security Guidance for Cloud Computing.
!!Learn more about cloud security by downloading the CSA Security Guidance for Cloud Computing.
[<img(100px,auto)[iCSA/KB9B4.png]]If you want to learn about cloud security we recommend that you start by reading the CSA Security Guidance for Cloud Computing which is freely available on our website. We also have a Certificate of Cloud Security Knowledge (CCSK) that provides a baseline level of knowledge for security and non-security professionals alike to understand how cloud changes security and best practices for staying secure in the cloud.//
<<<


__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/11/09/what-is-cloud-security-how-is-it-different-from-traditional-on-premises-network-security/ 
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #89|2020.11.08 - Newsletter Hebdomadaire #89]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #89|2020.11.08 - Weekly Newsletter - #89]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.11.08 - Newsletter Hebdomadaire #89]]>> |<<tiddler [[2020.11.08 - Weekly Newsletter - #89]]>> |
|>| La dernière Newsletter publiée est datée du ''<<tiddler [[LatestWeeklyFR]]>>'' et est accessible+++*[ici • Here] <<tiddler [[Dernière Newsletter]]>> === is where you can read the latest published Newsletter |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 2 au 8 novembre 2020
!!1 - Informations CSA - 2 au 8 novembre 2020

* Blog : 'CCSK Success Stories: Cloud Security Education and the Digital Transformation'+++*[»]> <<tiddler [[2020.11.04 - Blog : 'CCSK Success Stories: Cloud Security Education and the Digital Transformation']]>>=== 
* Blog : 'Why lions shouldn't invest in DeFi Smart Contracts'+++*[»]> <<tiddler [[2020.11.02 - Blog : 'Why lions shouldn't invest in DeFi Smart Contracts']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 60 liens|2020.11.08 - Veille Hebdomadaire - 8 novembre]])

* __''À lire''__
** ABAC sur AWS (Scott Piper)+++^*[»] 
|2020.11.02|Summit Route|![[The state of ABAC on AWS|https://summitroute.com/blog/2020/11/02/state_of_abac_on_aws/]] |AWS RBAC|
=== 
** 'Container Image Creation and Deployment Guide' (DISA/DoD)+++^*[»] 
|2020.11.03|DISA|![[Container Image Creation and Deployment Guide - Version 2, Release 0.6|https://dl.dod.cyber.mil/wp-content/uploads/devsecops/pdf/DevSecOps_Enterprise_Container_Image_Creation_and_Deployment_Guide_2.6-Public-Release.pdf]] (pdf)|DevSecOps Containers|
=== 
** New document repository (//Cloudonaut//)+++^*[»] 
|2020.11.02|//Cloudonaut//|[[Introducing cloudonaut plus|https://cloudonaut.io/introducing-cloudonaut-plus/]]|Portal|
=== 

* __Attaques, Incidents, Fuites de données, Menaces, Vulnérabilités et Pannes__
** Attaques : Nouvelles techniques de phihsing O365 (//WMC Global//) • Abus avec les notifications Google Drive+++^*[»] 
|2020.11.04|//WMC Global//|[[Office 365 Phishing Uses Image Inversion to Bypass Detection|https://www.wmcglobal.com/blog/office-365-phishing-uses-image-inversion-to-bypass-detection]]|O265 Phihsing|
|2020.11.03|GBHackers on Security|[[Attackers Using Google Drive Notifications to Trick the Users in Clicking Malicious Links|https://gbhackers.com/google-drive-notifications-abused/]]|Phishing Google_Drive|
=== 
** Vulnérabilités : Kubenetes (//CyberArk//)+++^*[»] 
|2020.11.05|Container Journal|[[CyberArk Discloses Kubernetes Security Issues|https://containerjournal.com/topics/container-security/cyberark-discloses-kubernetes-security-issues/]]|K8s Flaw|
=== 

* __Bonnes Pratiques, Techniques de Détection__
** Bonnes pratiques : Comptes de service Google Cloud (//Cloudberry Engineering//) • Images de containers • Openshift (//StakRox//) • AWS+++^*[»] 
|2020.11.08|//Cloudberry Engineering//|[[Google Cloud Service Accounts Security Best Practices|https://cloudberry.engineering/article/google-cloud-service-accounts-security-best-practices/]]|GCP Best_Practices|
|2020.11.04|Container Journal|[[5 Best Practices for Ensuring Secure Container Images|https://containerjournal.com/topics/container-security/5-best-practices-for-ensuring-secure-container-images/]]|Container Images|
|2020.11.03|//StakRox//|[[OpenShift security best practices part 1 of 5: cluster design|https://www.stackrox.com/post/2020/11/openshift-security-best-practices-part-1-of-5-cluster-design/]] (1/5)|Openshift Best_Practices|
|2020.11.02|The Register|[[How to keep on top of AWS best security practices|https://go.theregister.com/feed/www.theregister.com/2020/11/02/aws_best_security_practices/]]|AWS Best_Practices|
=== 

* __Rapports, Sondages, Études, Publications__

* __Cloud Services Providers, Outils__
** AWS: Azure Sentinel (Christophe Parisel) • Services de chiffrement • Registre pour les images Docker • Politiques IAM (//Tenchi Security// et //Amazon AWS//)+++^*[»] 
|2020.11.04|Christophe Parisel|![[Azure Sentinel part 1: why detection needs steroids|https://www.linkedin.com/pulse/azure-sentinel-part-1-why-detection-needs-steroids-christophe-parisel/]] (1/3) |Azure_Sentinel|
|2020.11.06|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement d'AWS : KMS et CloudHSM|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-dAWS-KMS-et-CloudHSM]]|Encryption AWS|
|2020.11.04|//Silicon Angle//|[[Amazon Web Services will build its own public registry for Docker container images|https://siliconangle.com/2020/11/03/amazon-web-services-will-build-public-registry-docker-container-images]]|AWS Docker Registry|
|2020.11.03|//Tenchi Security//|[[AWS Managed IAM Policies|https://www.tenchisecurity.com/blog/aws-managed-iam-policies]]|AWS IAM|
|2020.11.02|//Amazon AWS//|[[Aligning IAM policies to user personas for AWS Security Hub|https://aws.amazon.com/blogs/security/aligning-iam-policies-to-user-personas-for-aws-security-hub/]]|AWS_Security_Hub|
=== 
** Azure: Backups • Journalisation+++^*[»] 
|2020.11.03|Daniel Neumann|[[Automate taking backups from Azure disks attached to Azure Kubernetes Service|https://www.danielstechblog.io/automate-taking-backups-from-azure-disks-attached-to-azure-kubernetes-service/]]|Azure Hubernetes Backups|
|2020.11.02|Thomas Stringer|[[Logging to Azure from an AKS Cluster|https://trstringer.com/native-azure-logging-aks/]]|Azure_AKS Logging|
=== 
** GCP: Services de chiffrement • Le paradoxe de la Confiance • Registre pour les containers • CDN+++^*[»] 
|2020.11.06|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement de GCP : Cloud KMS, Cloud HSM et Cloud EKM|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-de-GCP-Cloud-KMS-Cloud-HSM-et-Cloud-EKM]]|Encryption GCP|
|2020.11.06|//Google Cloud//|[[The Cloud trust paradox: To trust cloud computing more, you need the ability to trust it less|https://cloud.google.com/blog/products/identity-security/trust-a-cloud-provider-that-enables-you-to-trust-them-less/]]|Trust|
|2020.11.05|//Google Cloud//|[[Hack your own custom domains for Container Registry|https://cloud.google.com/blog/topics/developers-practitioners/hack-your-own-custom-domains-container-registry/]]|GCP Containers Registry|
|2020.11.02|//Google Cloud//|[[Cache me if you can with latest Cloud CDN features|https://cloud.google.com/blog/products/networking/cloud-cdn-gets-improved-useability-features/]]|CDN|
=== 
** Oracle : Exemples de SSO+++^*[»] 
|2020.11.03|//Oracle Cloud//|[[3 Patterns for Delivering Single Sign-On|https://blogs.oracle.com/cloudsecurity/3-patterns-for-delivering-single-sign-on]]|Oracle_Cloud SSO|
=== 
** Kubernetes : Visualiaation de Traffic • Automatisation de Workflow avec AWS EKS, GCP GKE, Azure AKS+++^*[»] 
|2020.11.02|//Alcide//|[[Top Four Ways to Visualize Traffic Between Microservices in Kubernetes|https://blog.alcide.io/top-four-ways-to-visualize-traffic-between-microservices-in-kubernetes]]|K8s Microservices|
|2020.11.02|Cloud Native Computing Foundation|[[How To Run Kubernetes Workflow Automation with AWS EKS, GCP GKE, Azure AKS|https://www.cncf.io/blog/2020/11/02/how-to-run-kubernetes-workflow-automation-with-aws-eks-gcp-gke-azure-aks/]]|AWS_EKS Azure AKS GCP_GKE|
=== 
** Containers : Security intégrée+++^*[»] 
|2020.11.04|//Qualys//|[[Built-in Runtime Security for Containers|https://blog.qualys.com/product-tech/2020/11/03/built-in-runtime-security-for-containers]]|Containers|
=== 

* __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences__
** Podcasts : CI/CD•+++^*[»] 
|2020.11.08||[[What The Heck Is CI/CD - Continuous Integration / Delivery / Deployment - Melissa Benua|https://anchor.fm/cloudsecuritypodcast/episodes/WHAT-THE-HECK-IS-CICD--Continuous-Integration--Delivery--Deployment---Melissa-Benua-em62rt]]|Podcast|
=== 
** Veilles : TL;DR Security 59 • The Cloud Security Reading List 62+++^*[»] 
|2020.11.08|Marco Lancini|[[The Cloud Security Reading List #62|https://cloudseclist.com/issues/issue-62/]] |Weekly_Newsletter|
|2020.11.04|TL;DR Security|[[#59 - NAT Slipstreaming, Widespread Injection in GitHub Actions, Greppable Secrets|https://tldrsec.com/blog/tldr-sec-059/]] ]]|Weekly_Newsletter|
=== 

* __Marché, Acquisitions__

* __Divers__
** Projets européens • GAIA-X+++^*[»] 
|2020.11.02|BSSI[>img[iCSF/flag_fr.png]]|[[Cloud Européen en Europe pour l'Europe : GAIA-X ou l'espoir d'un cloud souverain ?|https://blog.bssi.fr/gaia-x-cloud-souverain/]]|GAIA-X|
|2020.11.04|Lexology|[[EU Member States Declare Support for a Next Generation European Cloud Service|https://www.lexology.com/library/detail.aspx?g=023a5c7f-5b87-4a9a-971a-4581bdd754ec]]|Europe|
=== 
** SASE+++^*[»] 
|2020.11.02|Reseaux & Télécoms[>img[iCSF/flag_fr.png]]|[[Qui propose du SASE et avec quoi ?|https://www.reseaux-telecoms.net/actualites/lire-qui-propose-du-sase-et-avec-quoi-28086.html]]|SASE|
|2020.11.05|The Hacker News|[[If You Don't Have A SASE Cloud Service, You Don't Have SASE At All|https://thehackernews.com/2020/11/if-you-dont-have-sase-cloud-service-you.html]]|SASE|
|2020.11.02|CyberSec Hub|[[A How To Guide To Secure Access Service Edge (SASE)|https://www.cshub.com/executive-decisions/articles/a-how-to-guide-to-secure-access-service-edge-sase]]|SASE|
=== 
** Traitement du langage naturel+++^*[»] 
|2020.11.04|//Netskope//|[[Say What? Natural Language Processing Improves Cloud Security|https://www.netskope.com/blog/say-what-natural-language-processing-improves-cloud-security]]|Misc|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/KB8/|https://CloudSecurityAlliance.fr/go/KB8/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - November 2nd to 8th, 2020
!!1 - CSA News and Updates - November 2nd to 8th, 2020

* Blog : 'CCSK Success Stories: Cloud Security Education and the Digital Transformation'+++*[»]> <<tiddler [[2020.11.04 - Blog : 'CCSK Success Stories: Cloud Security Education and the Digital Transformation']]>>=== 
* Blog : 'Why lions shouldn't invest in DeFi Smart Contracts'+++*[»]> <<tiddler [[2020.11.02 - Blog : 'Why lions shouldn't invest in DeFi Smart Contracts']]>>=== 
!!2 - Cloud and Security News Watch ([[over 60 links|2020.11.08 - Veille Hebdomadaire - 8 novembre]])

* __''Must read''__
** State of ABAC on AWS (Scott Piper)+++^*[»] 
|2020.11.02|Summit Route|![[The state of ABAC on AWS|https://summitroute.com/blog/2020/11/02/state_of_abac_on_aws/]] |AWS RBAC|
=== 
** 'Container Image Creation and Deployment Guide' (DISA/DoD)+++^*[»] 
|2020.11.03|DISA|![[Container Image Creation and Deployment Guide - Version 2, Release 0.6|https://dl.dod.cyber.mil/wp-content/uploads/devsecops/pdf/DevSecOps_Enterprise_Container_Image_Creation_and_Deployment_Guide_2.6-Public-Release.pdf]] (pdf)|DevSecOps Containers|
=== 
** New document repository (//Cloudonaut//)+++^*[»] 
|2020.11.02|//Cloudonaut//|[[Introducing cloudonaut plus|https://cloudonaut.io/introducing-cloudonaut-plus/]]|Portal|
=== 

* __Attacks, Incidents, Leaks, Threats, Vulnerabilities, Outages__
** Attacks: New O365 phishing technique (//WMC Global//) • Malicious usage of Google Drive Notifications+++^*[»] 
|2020.11.04|//WMC Global//|[[Office 365 Phishing Uses Image Inversion to Bypass Detection|https://www.wmcglobal.com/blog/office-365-phishing-uses-image-inversion-to-bypass-detection]]|O265 Phihsing|
|2020.11.03|GBHackers on Security|[[Attackers Using Google Drive Notifications to Trick the Users in Clicking Malicious Links|https://gbhackers.com/google-drive-notifications-abused/]]|Phishing Google_Drive|
=== 
** Vulnerabilities: Kubenetes (//CyberArk//)+++^*[»] 
|2020.11.05|Container Journal|[[CyberArk Discloses Kubernetes Security Issues|https://containerjournal.com/topics/container-security/cyberark-discloses-kubernetes-security-issues/]]|K8s Flaw|
=== 

* __Best Practices, and Detection__
** Best Practices: Google Cloud Service Accounts (//Cloudberry Engineering//) • Container Images • Openshift (//StakRox//) • AWS+++^*[»] 
|2020.11.08|//Cloudberry Engineering//|[[Google Cloud Service Accounts Security Best Practices|https://cloudberry.engineering/article/google-cloud-service-accounts-security-best-practices/]]|GCP Best_Practices|
|2020.11.04|Container Journal|[[5 Best Practices for Ensuring Secure Container Images|https://containerjournal.com/topics/container-security/5-best-practices-for-ensuring-secure-container-images/]]|Container Images|
|2020.11.03|//StakRox//|[[OpenShift security best practices part 1 of 5: cluster design|https://www.stackrox.com/post/2020/11/openshift-security-best-practices-part-1-of-5-cluster-design/]] (1/5)|Openshift Best_Practices|
|2020.11.02|The Register|[[How to keep on top of AWS best security practices|https://go.theregister.com/feed/www.theregister.com/2020/11/02/aws_best_security_practices/]]|AWS Best_Practices|
=== 

* __Reports, Surveys, Studies, Publications__

* __Cloud Services Providers, Tools__
** AWS: Azure Sentinel (Christophe Parisel) • Encryption Services • Public Registry for Docker Container Images • IAM Policies (//Tenchi Security// et //Amazon AWS//)+++^*[»] 
|2020.11.04|Christophe Parisel|![[Azure Sentinel part 1: why detection needs steroids|https://www.linkedin.com/pulse/azure-sentinel-part-1-why-detection-needs-steroids-christophe-parisel/]] (1/3) |Azure_Sentinel|
|2020.11.06|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement d'AWS : KMS et CloudHSM|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-dAWS-KMS-et-CloudHSM]]|Encryption AWS|
|2020.11.04|//Silicon Angle//|[[Amazon Web Services will build its own public registry for Docker container images|https://siliconangle.com/2020/11/03/amazon-web-services-will-build-public-registry-docker-container-images]]|AWS Docker Registry|
|2020.11.03|//Tenchi Security//|[[AWS Managed IAM Policies|https://www.tenchisecurity.com/blog/aws-managed-iam-policies]]|AWS IAM|
|2020.11.02|//Amazon AWS//|[[Aligning IAM policies to user personas for AWS Security Hub|https://aws.amazon.com/blogs/security/aligning-iam-policies-to-user-personas-for-aws-security-hub/]]|AWS_Security_Hub|
=== 
** Azure: Backups • Logging+++^*[»] 
|2020.11.03|Daniel Neumann|[[Automate taking backups from Azure disks attached to Azure Kubernetes Service|https://www.danielstechblog.io/automate-taking-backups-from-azure-disks-attached-to-azure-kubernetes-service/]]|Azure Hubernetes Backups|
|2020.11.02|Thomas Stringer|[[Logging to Azure from an AKS Cluster|https://trstringer.com/native-azure-logging-aks/]]|Azure_AKS Logging|
=== 
** GCP: Encryption Services • Trust Paradox • Container Registry • CDN+++^*[»] 
|2020.11.06|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement de GCP : Cloud KMS, Cloud HSM et Cloud EKM|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-de-GCP-Cloud-KMS-Cloud-HSM-et-Cloud-EKM]]|Encryption GCP|
|2020.11.06|//Google Cloud//|[[The Cloud trust paradox: To trust cloud computing more, you need the ability to trust it less|https://cloud.google.com/blog/products/identity-security/trust-a-cloud-provider-that-enables-you-to-trust-them-less/]]|Trust|
|2020.11.05|//Google Cloud//|[[Hack your own custom domains for Container Registry|https://cloud.google.com/blog/topics/developers-practitioners/hack-your-own-custom-domains-container-registry/]]|GCP Containers Registry|
|2020.11.02|//Google Cloud//|[[Cache me if you can with latest Cloud CDN features|https://cloud.google.com/blog/products/networking/cloud-cdn-gets-improved-useability-features/]]|CDN|
=== 
** Oracle : Patterns for Delivering SSO+++^*[»] 
|2020.11.03|//Oracle Cloud//|[[3 Patterns for Delivering Single Sign-On|https://blogs.oracle.com/cloudsecurity/3-patterns-for-delivering-single-sign-on]]|Oracle_Cloud SSO|
=== 
** Kubernetes: Traffic Visualization • Workflow Automation with AWS EKS, GCP GKE, Azure AKS+++^*[»] 
|2020.11.02|//Alcide//|[[Top Four Ways to Visualize Traffic Between Microservices in Kubernetes|https://blog.alcide.io/top-four-ways-to-visualize-traffic-between-microservices-in-kubernetes]]|K8s Microservices|
|2020.11.02|Cloud Native Computing Foundation|[[How To Run Kubernetes Workflow Automation with AWS EKS, GCP GKE, Azure AKS|https://www.cncf.io/blog/2020/11/02/how-to-run-kubernetes-workflow-automation-with-aws-eks-gcp-gke-azure-aks/]]|AWS_EKS Azure AKS GCP_GKE|
=== 
** Containers: Built-in Runtime Security+++^*[»] 
|2020.11.04|//Qualys//|[[Built-in Runtime Security for Containers|https://blog.qualys.com/product-tech/2020/11/03/built-in-runtime-security-for-containers]]|Containers|
=== 

* __Podcasts, Weekly 'Cloud and Security' Watch__
** Podcasts: Cloud Security Podcast+++^*[»] 
|2020.11.08|Cloud Security Podcast|[[What The Heck Is CI/CD - Continuous Integration / Delivery / Deployment - Melissa Benua|https://anchor.fm/cloudsecuritypodcast/episodes/WHAT-THE-HECK-IS-CICD--Continuous-Integration--Delivery--Deployment---Melissa-Benua-em62rt]]|Podcast|
=== 
** Newsletters: TL;DR Security 59 • The Cloud Security Reading List 62+++^*[»] 
|2020.11.08|Marco Lancini|[[The Cloud Security Reading List #62|https://cloudseclist.com/issues/issue-62/]] |Weekly_Newsletter|
|2020.11.04|TL;DR Security|[[#59 - NAT Slipstreaming, Widespread Injection in GitHub Actions, Greppable Secrets|https://tldrsec.com/blog/tldr-sec-059/]] ]]|Weekly_Newsletter|
=== 

* __Market, Acquisitions__

* __Miscellaneous__
** European projects • GAIA-X+++^*[»] 
|2020.11.02|BSSI[>img[iCSF/flag_fr.png]]|[[Cloud Européen en Europe pour l'Europe : GAIA-X ou l'espoir d'un cloud souverain ?|https://blog.bssi.fr/gaia-x-cloud-souverain/]]|GAIA-X|
|2020.11.04|Lexology|[[EU Member States Declare Support for a Next Generation European Cloud Service|https://www.lexology.com/library/detail.aspx?g=023a5c7f-5b87-4a9a-971a-4581bdd754ec]]|Europe|
=== 
** SASE+++^*[»] 
|2020.11.02|Reseaux & Télécoms[>img[iCSF/flag_fr.png]]|[[Qui propose du SASE et avec quoi ?|https://www.reseaux-telecoms.net/actualites/lire-qui-propose-du-sase-et-avec-quoi-28086.html]]|SASE|
|2020.11.05|The Hacker News|[[If You Don't Have A SASE Cloud Service, You Don't Have SASE At All|https://thehackernews.com/2020/11/if-you-dont-have-sase-cloud-service-you.html]]|SASE|
|2020.11.02|CyberSec Hub|[[A How To Guide To Secure Access Service Edge (SASE)|https://www.cshub.com/executive-decisions/articles/a-how-to-guide-to-secure-access-service-edge-sase]]|SASE|
=== 
** Natural Language Processing+++^*[»] 
|2020.11.04|//Netskope//|[[Say What? Natural Language Processing Improves Cloud Security|https://www.netskope.com/blog/say-what-natural-language-processing-improves-cloud-security]]|Misc|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/KB8/|https://CloudSecurityAlliance.fr/go/KB8/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 2 au 8 novembre 2020
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.11.08|
|2020.11.08|Marco Lancini|[[The Cloud Security Reading List #62|https://cloudseclist.com/issues/issue-62/]] |Weekly_Newsletter|
|2020.11.08|Cloud Security Podcast|[[What The Heck Is CI/CD - Continuous Integration / Delivery / Deployment - Melissa Benua|https://anchor.fm/cloudsecuritypodcast/episodes/WHAT-THE-HECK-IS-CICD--Continuous-Integration--Delivery--Deployment---Melissa-Benua-em62rt]]|Podcast|
|2020.11.08|//Cloudberry Engineering//|[[Google Cloud Service Accounts Security Best Practices|https://cloudberry.engineering/article/google-cloud-service-accounts-security-best-practices/]]|GCP Best_Practices|
|>|>|>|!2020.11.07|
|2020.11.07|//ReBlaze//|[[Announcing Curiefense: An Open-Source Security Platform|https://www.reblaze.com/blog/announcing-curiefense-an-open-source-security-platform/]] ([[site|https://www.reblaze.com/blog/announcing-curiefense-an-open-source-security-platform/]])|Tools Firewall|
|>|>|>|!2020.11.06|
|2020.11.06|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement de GCP : Cloud KMS, Cloud HSM et Cloud EKM|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-de-GCP-Cloud-KMS-Cloud-HSM-et-Cloud-EKM]]|Encryption GCP|
|2020.11.06|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement d'AWS : KMS et CloudHSM|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-dAWS-KMS-et-CloudHSM]]|Encryption AWS|
|2020.11.06|Security Weekly|[[Abusing JWT (JSON Web Tokens) - Sven Morgenroth - PSW #673|https://www.youtube.com/watch?v=wt3UixCiPfo]]|
|2020.11.06|//Google Cloud//|[[The Cloud trust paradox: To trust cloud computing more, you need the ability to trust it less|https://cloud.google.com/blog/products/identity-security/trust-a-cloud-provider-that-enables-you-to-trust-them-less/]]|Trust|
|>|>|>|!2020.11.05|
|2020.11.05|Center for Internet Security|[[Advancing Cloud Security with CIS on AWS|https://www.cisecurity.org/blog/advancing-cloud-security-with-cis-on-aws/]]|AWS|
|2020.11.05|CSO Magazine|[[5 best practices for negotiating SaaS contracts for risk and security|https://www.csoonline.com/article/3587783/5-best-practices-for-negotiating-saas-contracts-for-risk-and-security.html]]|Best_Practices Contracts SaaS|
|2020.11.05|The Hacker News|[[If You Don't Have A SASE Cloud Service, You Don't Have SASE At All|https://thehackernews.com/2020/11/if-you-dont-have-sase-cloud-service-you.html]]|SASE|
|2020.11.05|Kinnaird McQuade|[[Nuking all Azure Resource Groups under all Azure subscriptions|https://kmcquade.com/2020/11/nuking-all-azure-resource-groups-under-all-azure-subscriptions/]]|Azure|
|2020.11.05|Lyft Engineering|[[IAM whatever you say IAM|https://eng.lyft.com/iam-whatever-you-say-iam-febce59d1e3b]]|AWS IAM|
|2020.11.05|//CyberArk//|![[Attacking Kubernetes Clusters Through Your Network Plumbing: Part 1|https://www.cyberark.com/resources/threat-research-blog/attacking-kubernetes-clusters-through-your-network-plumbing-part-1]] (1/2) |Kubernetes Flaw|
|2020.11.05|Container Journal|[[CyberArk Discloses Kubernetes Security Issues|https://containerjournal.com/topics/container-security/cyberark-discloses-kubernetes-security-issues/]]|K8s Flaw|
|2020.11.05|//AlienVault//|[[What is a Cloud Access Security Broker? CASB explained|https://cybersecurity.att.com/blogs/security-essentials/cloud-access-security-broker-explained]]|CASB|
|2020.11.05|//Cloud Passage//|[[Prevent a Pfizer-like PII Data Breach in Google Cloud|https://www.cloudpassage.com/articles/pii-data-breach-protection-for-google-cloud/]]|GCP Data_Breach|
|2020.11.05|//Cipher Cloud//|[[Advancing Cloud DLP Through Smarter Policies|https://www.ciphercloud.com/advancing-cloud-dlp-through-smarter-policies/]]|DLP|
|2020.11.05|//Netskope//|[[SASE and the Forces Shaping Digital Transformation Part 1: Businesses Strategy and Information Technology Ops|https://www.netskope.com/blog/sase-and-the-forces-shaping-digital-transformation-part-1-businesses-strategy-and-information-technology-ops]] (1/3)|SASE|
|2020.11.05|//Google Cloud//|[[Hack your own custom domains for Container Registry|https://cloud.google.com/blog/topics/developers-practitioners/hack-your-own-custom-domains-container-registry/]]|GCP Containers Registry|
|>|>|>|!2020.11.04|
|2020.11.04|TL;DR Security|[[#59 - NAT Slipstreaming, Widespread Injection in GitHub Actions, Greppable Secrets|https://tldrsec.com/blog/tldr-sec-059/]] ]]|Weekly_Newsletter|
|2020.11.04|Christophe Parisel|![[Azure Sentinel part 1: why detection needs steroids|https://www.linkedin.com/pulse/azure-sentinel-part-1-why-detection-needs-steroids-christophe-parisel/]] (1/3) |Azure_Sentinel|
|2020.11.04|Container Journal|[[5 Best Practices for Ensuring Secure Container Images|https://containerjournal.com/topics/container-security/5-best-practices-for-ensuring-secure-container-images/]]|Container Images|
|2020.11.04|Lexology|[[EU Member States Declare Support for a Next Generation European Cloud Service|https://www.lexology.com/library/detail.aspx?g=023a5c7f-5b87-4a9a-971a-4581bdd754ec]]|Europe|
|2020.11.04|Security Week|[[Securing Data-in-Use With Confidential Computing|https://www.securityweek.com/securing-data-use-confidential-computing]]|Confidential_Computing|
|2020.11.04|//WMC Global//|[[Office 365 Phishing Uses Image Inversion to Bypass Detection|https://www.wmcglobal.com/blog/office-365-phishing-uses-image-inversion-to-bypass-detection]]|O265 Phihsing|
|2020.11.04|ZD Net|[[AWS preps its own library of public Docker container images|https://www.zdnet.com/article/aws-preps-its-own-library-of-public-docker-container-images/]]|AWS Docker Images|
|2020.11.04|GovLoop|[[Leveraging Zero Trust Against Cyberattacks|https://www.govloop.com/leveraging-zero-trust-against-cyberattacks/]]|Zero_Trust|
|2020.11.04|Cloud Security Alliance|[[Cloud-Based, Intelligent Ecosystems|https://cloudsecurityalliance.org/artifacts/cloud-based-intelligent-ecosystems/]]|CSA Publication|
|2020.11.04|Dark Reading| → [[CSA Moves to Redefine Cloud-Based Intelligence|https://www.darkreading.com/threat-intelligence/csa-moves-to-redefine-cloud-based-intelligence/a/d-id/1339345]]|CSA|
|2020.11.04|//Heimdal Security//|[[SaaS Security: How to Protect Your Enterprise in the Cloud|https://heimdalsecurity.com/blog/saas-security/]]|SaaS|
|2020.11.04|//AlienVault//|[[In Zero we trust|https://cybersecurity.att.com/blogs/security-essentials/in-zero-we-trust]]|Zero_Trust|
|2020.11.04|//Qualys//|[[Built-in Runtime Security for Containers|https://blog.qualys.com/product-tech/2020/11/03/built-in-runtime-security-for-containers]]|Containers|
|2020.11.04|//AppFleet//|[[Best Practices and Considerations for Multi-Tenant SaaS Application Using AWS EKS|https://appfleet.com/blog/best-practices-and-considerations-for-multi-tenant-saas-application-using-kubernetes-and-aws-ecs/]]|AWS_EKS|
|2020.11.04|//Tripwire//|[[Building a Security Alliance with Your Cloud Partners|https://www.tripwire.com/state-of-security/security-data-protection/cloud/build-a-security-alliance-with-cloud-partners/]]|Misc|
|2020.11.04|//Recorded Future//|[[Ransomware-as-a-Service Becomes Increasingly Accessible via Social Media and Open Sources|https://www.recordedfuture.com/ransomware-as-a-service/]] ([[pdf|https://go.recordedfuture.com/hubfs/reports/cta-2020-1104.pdf]])|Ransomware|
|2020.11.04|//Silicon Angle//|[[Amazon Web Services will build its own public registry for Docker container images|https://siliconangle.com/2020/11/03/amazon-web-services-will-build-public-registry-docker-container-images]]|AWS Docker Registry|
|2020.11.04|//Netskope//|[[Say What? Natural Language Processing Improves Cloud Security|https://www.netskope.com/blog/say-what-natural-language-processing-improves-cloud-security]]|Misc|
|2020.11.04|//HashiCorp//|[[Understanding the Boundary Identity and Access Management Model|https://www.hashicorp.com/blog/understanding-the-boundary-identity-and-access-management-model]]|Boundary Explain|
|>|>|>|!2020.11.03|
|2020.11.03|DISA|![[Container Image Creation and Deployment Guide - Version 2, Release 0.6|https://dl.dod.cyber.mil/wp-content/uploads/devsecops/pdf/DevSecOps_Enterprise_Container_Image_Creation_and_Deployment_Guide_2.6-Public-Release.pdf]] (pdf)|DevSecOps Containers|
|2020.11.10|//Anchore//| → [[Enforcing the DoD Container Image and Deployment Guide with Anchore Federal|https://anchore.com/blog/enforcing-the-dod-container-image-and-deployment-guide-with-anchore-federal/]]|DevSecOps Containers|
|2020.11.03|Secure Cloud Blog|[[Quick spin: Azure Managed Identity on non-Azure VM's with Azure ARC and Node.JS Runtime|https://securecloud.blog/2020/11/03/quick-spin-azure-managed-identity-on-non-azure-vms-with-azure-arc-and-node-js-runtime/]]|Azure_ARC|
|2020.11.03|GBHackers on Security|[[Attackers Using Google Drive Notifications to Trick the Users in Clicking Malicious Links|https://gbhackers.com/google-drive-notifications-abused/]]|Phishing Google_Drive|
|2020.11.03|Security Week|[[Securing Data-in-Use With Confidential Computing|https://www.securityweek.com/securing-data-use-confidential-computing]]|Confidential_Computing|
|2020.11.03|Daniel Neumann|[[Automate taking backups from Azure disks attached to Azure Kubernetes Service|https://www.danielstechblog.io/automate-taking-backups-from-azure-disks-attached-to-azure-kubernetes-service/]]|Azure Hubernetes Backups|
|2020.11.03|Container Journal|[[Kata Container Security is Good, but There's an Achilles Heel|https://containerjournal.com/topics/container-security/kata-container-security-is-good-but-theres-an-achilles-heel/]]|Containers|
|2020.11.03|//StakRox//|[[OpenShift security best practices part 1 of 5: cluster design|https://www.stackrox.com/post/2020/11/openshift-security-best-practices-part-1-of-5-cluster-design/]] (1/5)|Openshift Best_Practices|
|2020.11.03|//Tenchi Security//|[[AWS Managed IAM Policies|https://www.tenchisecurity.com/blog/aws-managed-iam-policies]]|AWS IAM|
|2020.11.03|//Sysig//|[[How to monitor coreDNS|https://sysdig.com/blog/how-to-monitor-coredns/]]|K8s DNS|
|2020.11.03|//Oracle Cloud//|[[3 Patterns for Delivering Single Sign-On|https://blogs.oracle.com/cloudsecurity/3-patterns-for-delivering-single-sign-on]]|Oracle_Cloud SSO|
|>|>|>|!2020.11.02|
|2020.11.02|Reseaux & Télécoms[>img[iCSF/flag_fr.png]]|[[Qui propose du SASE et avec quoi ?|https://www.reseaux-telecoms.net/actualites/lire-qui-propose-du-sase-et-avec-quoi-28086.html]]|SASE|
|2020.11.02|Summit Route|![[The state of ABAC on AWS|https://summitroute.com/blog/2020/11/02/state_of_abac_on_aws/]] |AWS RBAC|
|2020.11.02|Thomas Stringer|[[Logging to Azure from an AKS Cluster|https://trstringer.com/native-azure-logging-aks/]]|Azure_AKS Logging|
|2020.11.02|Build5Nines|[[Terraform: Create an AKS Cluster|https://build5nines.com/terraform-create-an-aks-cluster/]]|Azure AKS Terraform|
|2020.11.02|The Register|[[How to keep on top of AWS best security practices|https://go.theregister.com/feed/www.theregister.com/2020/11/02/aws_best_security_practices/]]|AWS Best_Practices|
|2020.11.02|Cloud Native Computing Foundation|[[How To Run Kubernetes Workflow Automation with AWS EKS, GCP GKE, Azure AKS|https://www.cncf.io/blog/2020/11/02/how-to-run-kubernetes-workflow-automation-with-aws-eks-gcp-gke-azure-aks/]]|AWS_EKS Azure AKS GCP_GKE|
|2020.11.02|DZone|[[Setting the Reliability Standard|https://dzone.com/articles/setting-the-reliability-standard]]|Reliability|
|2020.11.02|CyberSec Hub|[[A How To Guide To Secure Access Service Edge (SASE)|https://www.cshub.com/executive-decisions/articles/a-how-to-guide-to-secure-access-service-edge-sase]]|SASE|
|2020.11.02|BSSI[>img[iCSF/flag_fr.png]]|[[Cloud Européen en Europe pour l'Europe : GAIA-X ou l'espoir d'un cloud souverain ?|https://blog.bssi.fr/gaia-x-cloud-souverain/]]|GAIA-X|
|2020.11.02|Dark Reading|[[Microsoft & Others Catalog Threats to Machine Learning Systems|https://www.darkreading.com/vulnerabilities---threats/advanced-threats/microsoft-and-others-catalog-threats-to-machine-learning-systems/d/d-id/1339354]]|Misc|
|2020.11.02|//Cloudonaut//|[[Introducing cloudonaut plus|https://cloudonaut.io/introducing-cloudonaut-plus/]]|Portal|
|2020.11.02|//Alcide//|[[Top Four Ways to Visualize Traffic Between Microservices in Kubernetes|https://blog.alcide.io/top-four-ways-to-visualize-traffic-between-microservices-in-kubernetes]]|K8s Microservices|
|2020.11.02|//Aqua Security//|[[Automating Kubernetes Security Reporting with Starboard Operator|https://blog.aquasec.com/automate-kubernetes-security-reporting-starboard-operator]]|K8s|
|2020.11.02|//Amazon AWS//|[[Aligning IAM policies to user personas for AWS Security Hub|https://aws.amazon.com/blogs/security/aligning-iam-policies-to-user-personas-for-aws-security-hub/]]|AWS_Security_Hub|
|2020.11.02|//Google Cloud//|[[Cache me if you can with latest Cloud CDN features|https://cloud.google.com/blog/products/networking/cloud-cdn-gets-improved-useability-features/]]|CDN|
<<tiddler [[arOund0C]]>>
!"//CCSK Success Stories: From a Security Consultant//"
[>img(150px,auto)[iCSA/K4QCCSK.png]]Article de blog publié le 4 novembre 2020
<<<
//This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog we'll be interviewing Murugesh Rao, the Project Manager for Cloud & Data Center Transformation at UMW.

Q: __In your current role at UMW, as Project Manager for Cloud & Data Center Transformation, what does your job involves?__
A: My primary role is to design and strategize a path for UMW to kick start the UMW digital cloud journey. This is a broad description however that needs to be broken down into near future deliverables. The job is to design a cloud-first strategy and align all the work that is planned and in progress in IT and business. It also entails building awareness for some of the new security considerations, and upskilling and cross-skilling current workforce to manage the future cloud estate.

Q: __Can you share with us some complexities in managing cloud computing projects?__
A: One of the biggest challenges is creating a baseline for apps and systems that are on-prem and comparing them as we migrate to the cloud. The baseline may include resource requirements and the true cost of ownership. Given some of the baseline parameters are not monitored within the on-prem implementation, it will result in doing a bit more work and time to create those baselines before creating a positive business case.
The other challenges are skill-sets. Since cloud computing is fast evolving, keeping up with the pace of change for new cloud adopters can be a challenge. An example is the difference between on-prem security and cloud security. On-prem is primarily focused on the outer parameters while the cloud focuses security on every layer of the virtual network and interfaces.

Q: __In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?__
A: Understand the connectivity cost, the egress traffic will be a new cost to the setup, hence understanding the amount of traffic flow is important and so is looking out for hidden traffic costs.
Resource planning is important as well, you might want to configure alerts if there is a cost overrun within your subscription. Begin with a very active cloud cost management approach and start implementing the budget alerts to ensure you don't get a surprise bill.
Do not over-solution at the start as cloud is the building blocks of services. Hence craft the project in phases; you also will be able to manage a lower start-up cost

Q: __What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?__
A: Being a cloud enthusiast, I was keen to get a broader understanding of cloud security in general without the need to understand a specific cloud products or services. It was also important to design and architect a cloud strategy and solution; hence I had to have an in-depth understanding of the security eco-system of a cloud architecture.
There are many sections I could highlight but the one that stood out for me was the Simple Cloud Security Process Model. It was a model that I could easily incorporate in the cloud design process to identify and implement security controls for a more secure and safe cloud landscape.

Q: __How does CCM help communicate with customers?__
A: The Cloud Control Matrix (CCM), provides a level of confidence to the customer as each of the control-id maps to the industry security standards. In addition, the ability to use the matrix to ensure the cloud design conforms to the controls (which is well documented in the CCM). The customers could also use this as a checklist for internal audit assessments.

Q: __What's the value in a vendor-neutral certificate like the CCSK or CCSP versus getting certified by AWS? In what scenario are the different certificates important?__
A: Conceptually, a vendor-neutral certification provides a framework, in this case cloud security as opposed to focusing on the product features. This is important when an organization is evaluating which public or private cloud to adopt based on the business and organization security requirements. When an organization has narrowed down to a few cloud providers, a vendor-specific certificate would be useful.

Q: __Would you encourage your staff and/or colleagues to obtain CCSK or other CSA qualifications? Why?__
A: Yes, I have and will continue to do so. CCSK has broadened my view of cloud security and helped me move beyond a cloud provider feature focus on security. The CCSK equips you with the knowledge to question and continuously improve the security landscape and the potential to work with your cloud providers to continuously improve. In addition, you also can evaluate the cloud providers' security offerings given your vendor-neutral knowledge.

Q: __What is the best advice you would give to IT professionals in order for them to scale new heights in their careers?__
A: I truly believe in life-long learning and this quote sums it up nicely
"The capacity to learn is a gift; the ability to learn is a skill; the willingness to learn is a choice"//
<<<
__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/11/04/ccsk-success-stories-cloud-security-education-and-the-digital-transformation/ 
!"//Why lions shouldn't invest in DeFi Smart Contracts//"
Article publié le 2 novembre 2020 — Rédigé par Kurt Seifried, Chief Blockchain Officer, CSA//
<<<
|This article is not legal or investment advice, it covers some aspects of front running in DeFi, and potential security solutions. 
This article also assumes you have a relatively deep understanding of the following Blockchain/DLT related terms: 100% matches: Block, Blockchain, Consensus, Exchange, Ledger, Mempool, Miner, Mining, Oracle,Token, Transaction| !!!Blockchain attacks are very hot right now for one simple reason: it's where the money is. [>img(175px,auto)[iCSA/KB2BW.jpg]]__Why did the lion lose at poker? Because he was playing against a cheetah.__ !!!Front running in Blockchain/DLT Front running is defined as someone (usually a stock broker) selling or buying stock before executing a client's transaction. The idea being that the client's transaction will move the market, or is offering a price that provides an arbitrage opportunity. Front running typically involves elements of insider trading; the front runner often takes advantage of non public information to gain an advantage. The other common aspect is that the person doing the front running has a fiduciary duty to the person being taken advantage of. Front running in Blockchain/DLT (Distributed Ledger Technology) and crypto currencies / DeFi (Decentralized Finance) is even more complicated than traditional financial markets because of the added complexity of smart contracts, smart assets, and the manner in which transactions are executed and finalized can vary significantly and take an extended time period. Also the two most popular blockchains (Bitcoin and Ethereum) do not have a central controlling authority, they are truly decentralized. Please note that I'm not even going to talk about flaws in smart contracts (technical or architectural), the exchanges, the platforms running smart contracts and so on (that's a later article). We're going to assume a system that is "secure", and the attacker is simply taking advantage of speed and public knowledge. Also for the rest of this article I'm going to focus on Ethereum for one simple reason: it's the biggest, most widely used smart contract platform. !!!Example of how front running works in DeFi First let's define how front running typically works in DeFi (I'm going to use DeFi as the catch all term), basically Alice (the victim) wants to take an action (sell something, buy it, whatever) and Eve (the attacker) learns about the action Alice is taking, Eve then does something to gain an advantage. Some of the more common scenarios currently are: # Eve learns about a transaction Alice is going to take, and does something before Alice's transaction can run or possibly before it completes. Eve still needs Alice's transaction to execute (sometimes referred to as "insertion" front running), for example Eve spots Alice offering a bid on something at above market price, Eve buys the item at current market price and then offers it at Alice's bid price to make some money # Eve learns about a transaction Alice is going to take, and does something before Alice's transaction can run or possibly before it completes. Eve doesn't care if Alice's transaction then executes or not (sometimes referred to as "displacement" front running), for example Eve spots Alice trying to buy a domain name and Eve buys it first. # Eve learns about a transaction Alice is going to take, and does something before Alice's transaction can run or possibly before it completes. Eve then needs Alice's transaction to be delayed or not execute at all (sometimes referred to as "suppression" front running), a good generic example of this is not available This list is not complete, but you get the general idea of how it works. Please also note that in the above scenarios the "and does something before Alice's transaction can run or possibly before it completes" can range from simple to complicated. Many transactions are relatively simple and can execute within a single block, for example buying an item. But some transactions are more complicated and can take longer to execute, for example a transaction that involves taking a loan, using the borrowed value to purchase something else and then sell it and pay back the original loan back (see "Flash Loan Attacks" for more information). This can introduce latency and provide more time for an attackers transaction to take place. !!!The first thing to look into is, how do attackers gain information about transactions before they run? In most DeFi systems this is trivial: they look at the public MemPool of transactions that have not yet been completed or mined. So the most obvious thing that comes to mind is that transactions need to run fairly. Unfortunately in most DeFi systems transactions do not run fairly. Many DeFi chains require transactions to have an attached fee such as Ethereum transaction fees, and many also require additional fees attached to the smart contract to ensure that smart contracts don't take up too much compute resources, such as Ethereum gas. An attacker that can spot a transaction in advance can simply create a malicious transaction with a much higher transaction fee attached to it, which miners will prefer (because the miner will earn more money). There is very little a victim can do to avoid this, other than by paying higher transaction fees to make attacks more expensive (in other words this is not a sustainable solution). So if transactions can't run fairly we could secure them by obfuscating the code and intent of the transaction. But this is far from perfect for one simple reason: the transaction still needs to be executed, an attacker can simply run the transaction (in a sandbox) and see what the effects of it are, even with multiple and difficult to reach code paths most smart contracts are relatively simple and their real purpose can often be determined quickly. A great example of this is the posting "Ethereum is a Dark Forest" which I strongly recommend everyone reads. !!!So we can't make transactions run fairly, and we can't obfuscate them safely if they are mined by public miners, what if we use our own mining pool? The reality is in most Blockchains and DLTs outside of Bitcoin and Ethereum the network doesn't have a huge amount of capacity, if your transaction is not time sensitive you can also mine a block with a high degree of success, with 1% of the network work rate you'd have a 39.5% chance of mining at least one block successfully, and that jumps to just over 50% after 69 blocks. It should be noted that you can rent compute power for most blockchains, and this has been done in order to execute 51% attacks against some of the smaller blockchain networks. We'll cover this specific topic more in our "Rent to Pwn the Blockchain" article (it has graphs/charts and all sorts of exciting numbers). So if you need to do transactions that are not time sensitive you can do that with 1-2% of the network capacity, and if you need to execute quickly you could in theory rent capacity for short amounts of time to improve your chances. Another solution to this would be "dark Mempools" where the Mempool is not public but is limited to "trusted" miners. It should be noted that research in this area could be done, monitoring the public Mempools and then flagging any transactions in blocks that were not in the public Mempool. This topic will also be covered more in the "Kansas city shuffle" article covering how dark pools and other forms of information secrecy could work in the DeFi world. !!!Key takeaways: * Complexity in systems that have value to be captured or extracted will be abused. In other words bank robbers go where the money is. * Systems that do not have clear regulatory or jurisdictional coverage mean victims will have little if any recourse. Who are you going to call? The Internet police? * Private addresses / wallets are nearly impossible to track down until they move the assets to known wallets, or move them to a Fiat currency on/off ramp, and even this can be complicated if they move between different assets and blockchains. !!!Follow this weekly blog series to keep learning about front running. So this article covered the more "traditional" forms of front running in the DeFi space, in the next article I'm going to cover the information asymmetry and latency scenarios especially as they apply to scenarios with multiple exchanges and distributed exchanges. For example Eve (the attacker) learns some other information that shows an imbalance in the system, which represents an arbitrage opportunity. Perhaps one exchange has an order selling a token at a significantly lower price than another exchange with a buy order at a much higher price, or perhaps a pricing Oracle has spit out a bad quote, or someone has made a typo in an order. Eve then constructs a transaction that takes advantage of this, technically speaking there may not be a victim per se in this situation and it may not actually be front running, but instead simply be a sharp trading strategy. We'll cover what wallet software and exchanges can do to protect users in our "Fear and loathing in Las Vegas" article. !!!Related reading: * SoK: Transparent Dishonesty: Front-Running Attacks on Blockchain+++^*[»] https://users.encs.concordia.ca/~clark/papers/2019_wtsc_front.pdf === * Ethereum is a Dark Forest+++^*[»] https://medium.com/@danrobinson/ethereum-is-a-dark-forest-ecc5f0505dff === * Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges+++^*[»] https://arxiv.org/pdf/1904.05234.pdf === <<< //__Liens :__ * Article sur le site de la CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/02/why-lions-shouldn-t-invest-in-defi-smart-contracts/
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #88|2020.11.01 - Newsletter Hebdomadaire #88]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #88|2020.11.01 - Weekly Newsletter - #88]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.11.01 - Newsletter Hebdomadaire #88]]>> |<<tiddler [[2020.11.01 - Weekly Newsletter - #88]]>> |
|>| La dernière Newsletter publiée est datée du ''<<tiddler [[LatestWeeklyFR]]>>'' et est accessible+++*[ici • Here] <<tiddler [[Dernière Newsletter]]>> === is where you can read the latest published Newsletter |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 26 octobre au 1er novembre 2020
!!1 - Informations CSA - 26 octobre au 1er novembre 2020

* ''Répondez au sondage CSA sur l'adoption du Cloud'' en 2020+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* Actu : ''Participez au Congrès EMEA du 3 au 5 novembre 2020''+++*[»]> <<tiddler [[2020.10.27 - Actu : Participez au Congrès EMEA du 3 au 5 novembre 2020]]>>=== 
* Actu : Conférence Google Cloud 'Security Talks 2020'+++*[»]> <<tiddler [[2020.10.29 - Actu : Conférence Google Cloud 'Security Talks 2020']]>>=== 
* Blog : 'Cloud Security: The Necessity of Threat Hunting'+++*[»]> <<tiddler [[2020.10.28 - Blog : 'Cloud Security: The Necessity of Threat Hunting']]>>=== 
* Blog : 'Blockchain attacks, vulnerabilities and weaknesses'+++*[»]> <<tiddler [[2020.10.26 - Blog : 'Blockchain attacks, vulnerabilities and weaknesses']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 80 liens|2020.11.01 - Veille Hebdomadaire - 1er novembre]])

* __''À lire''__
** Réflexions sur la 'Kubernetes Threat Matrix' de Microsoft (Alcide)+++^*[»] 
|2020.10.26|//Alcide//|![[Microsoft's Kubernetes Threat Matrix: Here's What's Missing|https://www.darkreading.com/threat-intelligence/microsofts-kubernetes-threat-matrix-heres-whats-missing/a/d-id/1339106]] |K8s MITRE_AT&CK|
|2020.04.02|//Microsoft//| ← [[Attack matrix for Kubernetes|https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/]]|ATT&CK Kubernetes|
=== 
** Durcissement de Containers (DISA/DoD)+++^*[»] 
|2020.11.01|DISA/DoD|![[DevSecOps Enterprise Container Hardening Guide v1.1|https://dl.dod.cyber.mil/wp-content/uploads/devsecops/pdf/Final_DevSecOps_Enterprise_Container_Hardening_Guide_1.1.pdf]] (pdf) |DevSecOps Hardening|
=== 
** Analyse des attaques de type 'Supply-Chain'+++^*[»] 
|2020.10.26|//TrendMicro//|![[Supply Chain Attacks in the Age of Cloud Computing: Risks, Mitigations, and the Importance of Securing Back Ends|https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/supply-chain-attacks-cloud-computing]] ([[pdf|https://documents.trendmicro.com/assets/white_papers/supply-chain-attacks-in-the-age-of-cloud-computing.pdf]]) |Report Supply_Chain|
=== 

* __Attaques, Incidents, Fuites de données, Menaces, Vulnérabilités et Pannes__
** Attaques : Arnaque via Google Drive+++^*[»] 
|2020.11.01|WIRED|[[Beware a New Google Drive Scam Landing in Inboxes|https://www.wired.com/story/beware-a-new-google-drive-scam-landing-in-inboxes/]]|Phishing Google_Drive|
=== 
** Fuites de données : Nitro+++^*[»] 
|2020.10.26|Bleeping Computer|[[[Massive Nitro data breach impacts Microsoft, Google, Apple, more|https://www.bleepingcomputer.com/news/security/massive-nitro-data-breach-impacts-microsoft-google-apple-more/]]|Data_Breach|
|2020.10.30|//Divvy Cloud//| → [[Nitro Data Breach Could Spell Trouble for Google, Apple, Microsoft and Others|https://divvycloud.com/nitro-data-breach/]]|Data_Breach|
=== 

* __Bonnes Pratiques, Techniques de Détection__
** Bonnes pratiques : Contrer les attaques DDoS+++^*[»] 
|2020.10.26|//Cloud Management Insider//|[[Security Best Practices for Google Cloud Users To Tackle DDoS Attacks|https://www.cloudmanagementinsider.com/how-to-prevent-ddos-attacks-on-gcp-deployments/]]|GCP DDoS|
=== 
** Détection: les attaques de type 'Password Spraying'+++^*[»] 
|2020.10.26|//Microsoft Azure//|![[Advancing Password Spray Attack Detection|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/advancing-password-spray-attack-detection/ba-p/1276936]] |AzureAD Password_Spray|
|2020.10.27|Security Week| → [[Microsoft Introduces New Password Spray Detection for Azure|https://www.securityweek.com/microsoft-introduces-new-password-spray-detection-azure]]|AzureAD Password_Spray|
|2020.10.27|CISO Mag| → [[Microsoft's Shield Against Password Spray Attacks Just Went a Notch Higher|https://cisomag.eccouncil.org/password-spray-attack-detection/]]|AzureAD Password_Spray|
=== 

* __Rapports, Sondages, Études, Publications__
** Études : Analyse du 'Hype Cycle For Cloud Security' du Gartner+++^*[»] 
|2020.10.26|Forbes|[[[What's New In Gartner's Hype Cycle For Cloud Security, 2020|https://www.forbes.com/sites/louiscolumbus/2020/10/25/whats-new-in-gartners-hype-cycle-for-cloud-security-2020/#50e06c037bd9]]|Gartner|
=== 

* __Cloud Services Providers, Outils__
** AWS : Enclaves Nitro • IPv6+++^*[»] 
|2020.10.28|//Cloudonaut//|![[Getting started with IPv6 on AWS|https://cloudonaut.io/getting-started-with-ipv6-on-aws/]] |AWS IPv6|
|2020.10.28|//Amazon AWS//|[[AWS Nitro Enclaves - Isolated EC2 Environments to Process Confidential Data|https://aws.amazon.com/blogs/aws/aws-nitro-enclaves-isolated-ec2-environments-to-process-confidential-data/]]|AWS_Nitro|
|2020.10.30|Help Net Security| → [[AWS Nitro Enclaves: Create isolated environments to protect highly sensitive workloads|https://www.helpnetsecurity.com/2020/10/30/aws-nitro-enclaves/]]|AWS_Nitro|
|2020.10.30|//Sentia//| → [[ACM for Nitro Enclaves - It's a Big Deal|https://www.sentiatechblog.com/acm-for-nitro-enclaves-its-a-big-deal]] (1/2)|AWS_Nitro|
|2020.10.30|//Sentia//| → [[ACM for Nitro Enclaves - How Secure Are They?|https://www.sentiatechblog.com/acm-for-nitro-enclaves-how-secure-are-they]] (2/2)|AWS_Nitro|
=== 
** Azure : Microsoft Defender ATP • Corrélation Azure AD et Office 365 Correlation dans Azure Sentinel • Contrôle de conformité+++^*[»] 
|2020.10.28|//Microsoft//|[[Enable access to Microsoft Defender ATP service URLs in the proxy server|https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server]]|Microsoft_Defender ATP|
|2020.10.28|//Microsoft//| → [[URLs|https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx]]|Microsoft_Defender ATP|
|2020.10.28|Bleeping Computer| → [[Microsoft shares list of URLs required by Microsoft Defender ATP|https://www.bleepingcomputer.com/news/security/microsoft-shares-list-of-urls-required-by-microsoft-defender-atp/]]|Microsoft_Defender ATP|
|2020.10.27|SecureCloudBlog|![[Correlating Azure AD logs to Office 365 workload operations With Azure Sentinel|https://securecloud.blog/2020/10/27/correlating-azure-ad-logs-to-office-365-workload-operations-with-azure-sentinel/]] |Logging AzureAD O365 Azure_Sentinel|
|2020.10.27|//Coalfire//|[[Using Azure Blueprints to Control Azure Compliance|https://www.coalfire.com/the-coalfire-blog/october-2020/using-azure-blueprints-to-control-azure-compliance]] (1/4)|Azure Compliance|
=== 
** GCP : 'Google Cloud Security Talks' du 4ème trimestre+++^*[»] 
|2020.10.27|//Google GCP//|[[What you can learn in our Q4 2020 Google Cloud Security Talks|https://cloud.google.com/blog/products/identity-security/google-cloud-security-talks-q4-2020-the-latest-in-cloud-security]]|GCP Conference|
=== 
** Oracle : Gestion des Identités+++^*[»] 
|2020.10.29|//Oracle Cloud//|[[How to do Identity Management, whilst not doing Identity Management|https://blogs.oracle.com/cloudsecurity/how-to-do-identity-management%2C-whilst-not-doing-identity-management]]|ID_Management|

=== 
** Kubernetes : Configuration et options de sécurité • Sécurité opértionnelle • Vecteurs de menaces : Exécution+++^*[»] 
|2020.10.29|Container Journal|[[Policy Engines: Ensuring Configuration Security in Kubernetes|https://containerjournal.com/topics/container-security/policy-engines-ensuring-configuration-security-in-kubernetes/]]|K8s|
|2020.10.29|Cybersecurity Insider|[[PSPs vs. OPA Gatekeeper: Breaking down your Kubernetes Pod security options|https://www.cybersecurity-insiders.com/psps-vs-opa-gatekeeper-breaking-down-your-kubernetes-pod-security-options/]]|K8s|
|2020.10.29|//Alcide//|![[Kubernetes Threat Vectors: Part 2 - Execution|https://www.alcide.io/kubernetes-threat-vectors-part-2-execution]] (2/11) |Kubernetes Threats|
|2020.10.28|//NeuVector//|[[13 Must-Ask Questions about Kubernetes Security in Production|https://neuvector.com/article/13-must-ask-questions-about-kubernetes-security-in-production/]]|K8s|
=== 
** Containers : Sauvegardes et restoration+++^*[»] 
|2020.10.26|Container Journal|[[Data Backup and Recovery Emerges as Container Issue|https://containerjournal.com/topics/container-security/data-backup-and-recovery-emerges-as-container-issue/]]|Containers Images|
=== 
** Workloads : Nouvelle approche pur la protection+++^*[»] 
|2020.10.27|//Red Canary//|[[A new approach to Cloud Workload Protection|https://redcanary.com/blog/cloud-workload-protection/]]|Workloads|
=== 
** Outils : KubeLinter (//StackRox//)+++^*[»] 
|2020.10.28|//StackRox//|[[Introducing KubeLinter - an open source linter for Kubernetes|https://www.stackrox.com/post/2020/10/introducing-kubelinter-an-open-source-linter-for-kubernetes/]]|Tools Kubernetes|
|2020.10.28|//StackRox//| → [[KubeLinter: An open source linter for Kubernetes, from StackRox|https://www.youtube.com/watch?v=KWX0sWojV_0]] (vidéo)|Tools Kubernetes|
|2020.10.28|//StackRox//| → [[kube-linter|https://github.com/stackrox/kube-linter]]|Tools Kubernetes|
|2020.10.28|Security Week| → [[StackRox Releases Open Source Tool for Finding Kubernetes Misconfigurations|https://www.securityweek.com/stackrox-releases-open-source-tool-finding-kubernetes-misconfigurations]]|Tools Kubernetes|
=== 

* __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences__
** Conférence : 'AWS re:Invent 2020'+++^*[»] 
|2020.10.29|//Cloud Management Insider//|[[Everything You Need To Know About AWS re:Invent 2020|https://www.cloudmanagementinsider.com/everything-you-need-to-know-about-aws-reinvent-2020/]]|AWS Conference|
=== 
** Podcasts : RGPD et Azure (Cloud Security Podcast)+++^*[»] 
|2020.10.31|Cloud Security Podcast|[[How To Prepare For GDPR In Azure Cloud Environment - Naomi Buckwalter|https://anchor.fm/cloudsecuritypodcast/episodes/HOW-TO-PREPARE-FOR-GDPR-IN-AZURE-CLOUD-ENVIRONMENT--Naomi-Buckwalter-els0rc]] ([[audio|https://anchor.fm/s/10fb9928/podcast/play/21938476/https%3A%2F%2Fd3ctxlq1ktw2nl.cloudfront.net%2Fstaging%2F2020-11-01%2F8bac2c11c7e77df519b3048b75d93872.m4a]])|Podcast|
=== 
** Veilles : TL;DR Security #58 • The Cloud Security Reading List #61+++^*[»] 
|2020.10.31|Marco Lancini|[[The Cloud Security Reading List #61|https://cloudseclist.com/issues/issue-61/]] |Weekly_Newsletter|
|2020.10.28|TL;DR Security|[[#58 - New Job ??, Burp Multiplayer, Chaos Engineering Book|https://tldrsec.com/blog/tldr-sec-058/]] |Weekly_Newsletter|
=== 

* __Marché, Acquisitions__
** Marché : Certification d'une deuxième région Outscale+++^*[»] 
|2020.10.27|L'Usine Digitale[>img[iCSF/flag_fr.png]]|[[3DS Outscale ouvre une deuxième région cloud certifiée par l'Anssi|https://www.usine-digitale.fr/article/3ds-outscale-ouvre-une-deuxieme-region-cloud-certifiee-par-l-anssi.N1021159]]|France|
=== 

* __Divers__
** Critères de choix pour une plateforme Cloud Open-Source+++^*[»] 
|2020.10.27|Rick Blaisdell|[[Choosing an Open-Source Cloud Platform|https://rickscloud.com/open-source-cloud-platform/]]|Open_Source|
=== 
** Backup dans le Cloud+++^*[»] 
|2020.10.30|BetaNews|[[Could your business benefit from a cloud backup solution?|https://betanews.com/2020/10/30/cloud-backup-solution/]]|Backup|
|2020.10.30|Help Net Security|[[What's next for cloud backup?|https://www.helpnetsecurity.com/2020/10/30/cloud-backup-data/]]|Backup|
=== 
** IoT et le Cloud+++^*[»] 
|2020.10.27|//Akamai//|[[Akamai Edge Cloud: Scaling IoT, Part 1|https://blogs.akamai.com/2020/10/akamai-edge-cloud-scaling-iot-part-1.html]] (1/2)|IoT|
|2020.10.27|//Akamai//|[[Akamai Edge Cloud: Scaling IoT, Part 2|https://blogs.akamai.com/2020/10/akamai-edge-cloud-scaling-iot-part-2.html]] (2/2)|IoT|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/KB1/|https://CloudSecurityAlliance.fr/go/KB1/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - October 26th to November 1st, 2020
!!1 - CSA News and Updates - October 26th to November 1st, 2020

* ''Fill in the new CSA survey on Cloud Adoption in 2020''+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* News: ''Attend the EMEA Congress, November 3rd to 5th, 2020''+++*[»]> <<tiddler [[2020.10.27 - Actu : Participez au Congrès EMEA du 3 au 5 novembre 2020]]>>=== 
* News: Google Cloud 'Security Talks 2020' online conference+++*[»]> <<tiddler [[2020.10.29 - Actu : Conférence Google Cloud 'Security Talks 2020']]>>=== 
* Blog: 'Cloud Security: The Necessity of Threat Hunting'+++*[»]> <<tiddler [[2020.10.28 - Blog : 'Cloud Security: The Necessity of Threat Hunting']]>>=== 
* Blog: 'Blockchain attacks, vulnerabilities and weaknesses'+++*[»]> <<tiddler [[2020.10.26 - Blog : 'Blockchain attacks, vulnerabilities and weaknesses']]>>=== 
!!2 - Cloud and Security News Watch ([[over 80 links|2020.11.01 - Veille Hebdomadaire - 1er novembre]])

* __''Must read''__
** Comments on Microsoft's Kubernetes Threat Matrix+++^*[»] 
|2020.10.26|//Alcide//|![[Microsoft's Kubernetes Threat Matrix: Here's What's Missing|https://www.darkreading.com/threat-intelligence/microsofts-kubernetes-threat-matrix-heres-whats-missing/a/d-id/1339106]] |K8s MITRE_AT&CK|
|2020.04.02|//Microsoft//| ← [[Attack matrix for Kubernetes|https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/]]|ATT&CK Kubernetes|
=== 
** Container Hardening Guide (DISA/DoD)+++^*[»] 
|2020.11.01|DISA/DoD|![[DevSecOps Enterprise Container Hardening Guide v1.1|https://dl.dod.cyber.mil/wp-content/uploads/devsecops/pdf/Final_DevSecOps_Enterprise_Container_Hardening_Guide_1.1.pdf]] (pdf) |DevSecOps Hardening|
=== 
** Supply Chain Attacks in the Age of Cloud Computing+++^*[»] 
|2020.10.26|//TrendMicro//|![[Supply Chain Attacks in the Age of Cloud Computing: Risks, Mitigations, and the Importance of Securing Back Ends|https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/supply-chain-attacks-cloud-computing]] ([[pdf|https://documents.trendmicro.com/assets/white_papers/supply-chain-attacks-in-the-age-of-cloud-computing.pdf]]) |Report Supply_Chain|
=== 

* __Attacks, Incidents, Leaks, Threats, Vulnerabilities, Outages__
** Attacks: New Google Drive Scam+++^*[»] 
|2020.11.01|WIRED|[[Beware a New Google Drive Scam Landing in Inboxes|https://www.wired.com/story/beware-a-new-google-drive-scam-landing-in-inboxes/]]|Phishing Google_Drive|
=== 
** Leaks: Massive Nitro Data Breach+++^*[»] 
|2020.10.26|Bleeping Computer|[[[Massive Nitro data breach impacts Microsoft, Google, Apple, more|https://www.bleepingcomputer.com/news/security/massive-nitro-data-breach-impacts-microsoft-google-apple-more/]]|Data_Breach|
|2020.10.30|//Divvy Cloud//| → [[Nitro Data Breach Could Spell Trouble for Google, Apple, Microsoft and Others|https://divvycloud.com/nitro-data-breach/]]|Data_Breach|
=== 

* __Best Practices, and Detection__
** Best Practices: Tackling DDoS Attacks+++^*[»] 
|2020.10.26|//Cloud Management Insider//|[[Security Best Practices for Google Cloud Users To Tackle DDoS Attacks|https://www.cloudmanagementinsider.com/how-to-prevent-ddos-attacks-on-gcp-deployments/]]|GCP DDoS|
=== 
** Detection: Password Spray Attack Detection+++^*[»] 
|2020.10.26|//Microsoft Azure//|![[Advancing Password Spray Attack Detection|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/advancing-password-spray-attack-detection/ba-p/1276936]] |AzureAD Password_Spray|
|2020.10.27|Security Week| → [[Microsoft Introduces New Password Spray Detection for Azure|https://www.securityweek.com/microsoft-introduces-new-password-spray-detection-azure]]|AzureAD Password_Spray|
|2020.10.27|CISO Mag| → [[Microsoft's Shield Against Password Spray Attacks Just Went a Notch Higher|https://cisomag.eccouncil.org/password-spray-attack-detection/]]|AzureAD Password_Spray|
=== 

* __Reports, Surveys, Studies, Publications__
** Studies: Analysis of Gartner's Hype Cycle For Cloud Security+++^*[»] 
|2020.10.26|Forbes|[[[What's New In Gartner's Hype Cycle For Cloud Security, 2020|https://www.forbes.com/sites/louiscolumbus/2020/10/25/whats-new-in-gartners-hype-cycle-for-cloud-security-2020/#50e06c037bd9]]|Gartner|
=== 

* __Cloud Services Providers, Tools__
** AWS: Nitro Enclaves • IPv6+++^*[»] 
|2020.10.28|//Cloudonaut//|![[Getting started with IPv6 on AWS|https://cloudonaut.io/getting-started-with-ipv6-on-aws/]] |AWS IPv6|
|2020.10.28|//Amazon AWS//|[[AWS Nitro Enclaves - Isolated EC2 Environments to Process Confidential Data|https://aws.amazon.com/blogs/aws/aws-nitro-enclaves-isolated-ec2-environments-to-process-confidential-data/]]|AWS_Nitro|
|2020.10.30|Help Net Security| → [[AWS Nitro Enclaves: Create isolated environments to protect highly sensitive workloads|https://www.helpnetsecurity.com/2020/10/30/aws-nitro-enclaves/]]|AWS_Nitro|
|2020.10.30|//Sentia//| → [[ACM for Nitro Enclaves - It's a Big Deal|https://www.sentiatechblog.com/acm-for-nitro-enclaves-its-a-big-deal]] (1/2)|AWS_Nitro|
|2020.10.30|//Sentia//| → [[ACM for Nitro Enclaves - How Secure Are They?|https://www.sentiatechblog.com/acm-for-nitro-enclaves-how-secure-are-they]] (2/2)|AWS_Nitro|
=== 
** Azure: Microsoft Defender ATP service • Azure AD and Office 365 Correlation with Azure Sentinel • Azure Blueprints to Control Azure Compliance+++^*[»] 
|2020.10.28|//Microsoft//|[[Enable access to Microsoft Defender ATP service URLs in the proxy server|https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server]]|Microsoft_Defender ATP|
|2020.10.28|//Microsoft//| → [[URLs|https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx]]|Microsoft_Defender ATP|
|2020.10.28|Bleeping Computer| → [[Microsoft shares list of URLs required by Microsoft Defender ATP|https://www.bleepingcomputer.com/news/security/microsoft-shares-list-of-urls-required-by-microsoft-defender-atp/]]|Microsoft_Defender ATP|
|2020.10.27|SecureCloudBlog|![[Correlating Azure AD logs to Office 365 workload operations With Azure Sentinel|https://securecloud.blog/2020/10/27/correlating-azure-ad-logs-to-office-365-workload-operations-with-azure-sentinel/]] |Logging AzureAD O365 Azure_Sentinel|
|2020.10.27|//Coalfire//|[[Using Azure Blueprints to Control Azure Compliance|https://www.coalfire.com/the-coalfire-blog/october-2020/using-azure-blueprints-to-control-azure-compliance]] (1/4)|Azure Compliance|
=== 
** GCP: Q4 2020 Google Cloud Security Talks+++^*[»] 
|2020.10.27|//Google GCP//|[[What you can learn in our Q4 2020 Google Cloud Security Talks|https://cloud.google.com/blog/products/identity-security/google-cloud-security-talks-q4-2020-the-latest-in-cloud-security]]|GCP Conference|
=== 
** Oracle: Identity Management+++^*[»] 
|2020.10.29|//Oracle Cloud//|[[How to do Identity Management, whilst not doing Identity Management|https://blogs.oracle.com/cloudsecurity/how-to-do-identity-management%2C-whilst-not-doing-identity-management]]|ID_Management|
=== 
** Kubernetes: Security Configuration and Options • Security in production • Threat Vectors: Execution+++^*[»] 
|2020.10.29|Container Journal|[[Policy Engines: Ensuring Configuration Security in Kubernetes|https://containerjournal.com/topics/container-security/policy-engines-ensuring-configuration-security-in-kubernetes/]]|K8s|
|2020.10.29|Cybersecurity Insider|[[PSPs vs. OPA Gatekeeper: Breaking down your Kubernetes Pod security options|https://www.cybersecurity-insiders.com/psps-vs-opa-gatekeeper-breaking-down-your-kubernetes-pod-security-options/]]|K8s|
|2020.10.29|//Alcide//|![[Kubernetes Threat Vectors: Part 2 - Execution|https://www.alcide.io/kubernetes-threat-vectors-part-2-execution]] (2/11) |Kubernetes Threats|
|2020.10.28|//NeuVector//|[[13 Must-Ask Questions about Kubernetes Security in Production|https://neuvector.com/article/13-must-ask-questions-about-kubernetes-security-in-production/]]|K8s|
=== 
** Containers: Data Backup and Recovery+++^*[»] 
|2020.10.26|Container Journal|[[Data Backup and Recovery Emerges as Container Issue|https://containerjournal.com/topics/container-security/data-backup-and-recovery-emerges-as-container-issue/]]|Containers Images|
=== 
** Workloads: New Approach to Protection+++^*[»] 
|2020.10.27|//Red Canary//|[[A new approach to Cloud Workload Protection|https://redcanary.com/blog/cloud-workload-protection/]]|Workloads|
=== 
** Tools: KubeLinter (//StackRox//)+++^*[»] 
|2020.10.28|//StackRox//|[[Introducing KubeLinter - an open source linter for Kubernetes|https://www.stackrox.com/post/2020/10/introducing-kubelinter-an-open-source-linter-for-kubernetes/]]|Tools Kubernetes|
|2020.10.28|//StackRox//| → [[KubeLinter: An open source linter for Kubernetes, from StackRox|https://www.youtube.com/watch?v=KWX0sWojV_0]] (vidéo)|Tools Kubernetes|
|2020.10.28|//StackRox//| → [[kube-linter|https://github.com/stackrox/kube-linter]]|Tools Kubernetes|
|2020.10.28|Security Week| → [[StackRox Releases Open Source Tool for Finding Kubernetes Misconfigurations|https://www.securityweek.com/stackrox-releases-open-source-tool-finding-kubernetes-misconfigurations]]|Tools Kubernetes|
=== 

* __Weekly 'Cloud and Security' Watch, Podcasts, Conferences__
** Conference: Preparing for 'AWS re:Invent 2020'+++^*[»] 
|2020.10.29|//Cloud Management Insider//|[[Everything You Need To Know About AWS re:Invent 2020|https://www.cloudmanagementinsider.com/everything-you-need-to-know-about-aws-reinvent-2020/]]|AWS Conference|
=== 
** Podcasts : RGPD et Azure (Cloud Security Podcast)+++^*[»] 
|2020.10.31|Cloud Security Podcast|[[How To Prepare For GDPR In Azure Cloud Environment - Naomi Buckwalter|https://anchor.fm/cloudsecuritypodcast/episodes/HOW-TO-PREPARE-FOR-GDPR-IN-AZURE-CLOUD-ENVIRONMENT--Naomi-Buckwalter-els0rc]] ([[audio|https://anchor.fm/s/10fb9928/podcast/play/21938476/https%3A%2F%2Fd3ctxlq1ktw2nl.cloudfront.net%2Fstaging%2F2020-11-01%2F8bac2c11c7e77df519b3048b75d93872.m4a]])|Podcast|
=== 
** Newsletters: TL;DR Security #58 • The Cloud Security Reading List #61+++^*[»] 
|2020.10.31|Marco Lancini|[[The Cloud Security Reading List #61|https://cloudseclist.com/issues/issue-61/]] |Weekly_Newsletter|
|2020.10.28|TL;DR Security|[[#58 - New Job ??, Burp Multiplayer, Chaos Engineering Book|https://tldrsec.com/blog/tldr-sec-058/]] |Weekly_Newsletter|
=== 

* __Market, Acquisitions__
** Market: Second Outscale Region+++^*[»] 
|2020.10.27|L'Usine Digitale[>img[iCSF/flag_fr.png]]|[[3DS Outscale ouvre une deuxième région cloud certifiée par l'Anssi|https://www.usine-digitale.fr/article/3ds-outscale-ouvre-une-deuxieme-region-cloud-certifiee-par-l-anssi.N1021159]]|France|
=== 

* __Miscellaneous__
** Choosing an Open-Source Cloud Platform+++^*[»] 
|2020.10.27|Rick Blaisdell|[[Choosing an Open-Source Cloud Platform|https://rickscloud.com/open-source-cloud-platform/]]|Open_Source|
=== 
** Cloud Backup+++^*[»] 
|2020.10.30|BetaNews|[[Could your business benefit from a cloud backup solution?|https://betanews.com/2020/10/30/cloud-backup-solution/]]|Backup|
|2020.10.30|Help Net Security|[[What's next for cloud backup?|https://www.helpnetsecurity.com/2020/10/30/cloud-backup-data/]]|Backup|
=== 
** Scaling IoT+++^*[»] 
|2020.10.27|//Akamai//|[[Akamai Edge Cloud: Scaling IoT, Part 1|https://blogs.akamai.com/2020/10/akamai-edge-cloud-scaling-iot-part-1.html]] (1/2)|IoT|
|2020.10.27|//Akamai//|[[Akamai Edge Cloud: Scaling IoT, Part 2|https://blogs.akamai.com/2020/10/akamai-edge-cloud-scaling-iot-part-2.html]] (2/2)|IoT|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/KB1/|https://CloudSecurityAlliance.fr/go/KB1/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 26 octobre au 1er novembre 2020
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.11.01|
|2020.11.01|Marco Lancini|[[The Cloud Security Reading List #61|https://cloudseclist.com/issues/issue-61/]] |Weekly_Newsletter|
|2020.11.01|Cloud Security Podcast|[[How To Prepare For GDPR In Azure Cloud Environment - Naomi Buckwalter|https://anchor.fm/cloudsecuritypodcast/episodes/HOW-TO-PREPARE-FOR-GDPR-IN-AZURE-CLOUD-ENVIRONMENT--Naomi-Buckwalter-els0rc]] ([[audio|https://anchor.fm/s/10fb9928/podcast/play/21938476/https%3A%2F%2Fd3ctxlq1ktw2nl.cloudfront.net%2Fstaging%2F2020-11-01%2F8bac2c11c7e77df519b3048b75d93872.m4a]])|Podcast|
|2020.11.01|DISA/DoD|![[DevSecOps Enterprise Container Hardening Guide v1.1|https://dl.dod.cyber.mil/wp-content/uploads/devsecops/pdf/Final_DevSecOps_Enterprise_Container_Hardening_Guide_1.1.pdf]] (pdf) |DevSecOps Hardening|
|2020.11.01|Security and Cloud 24/7|[[Tips for Selecting a Public Cloud Provider|https://security-24-7.com/tips-for-selecting-a-public-cloud-provider/]]|Misc|
|2020.11.01|WIRED|[[Beware a New Google Drive Scam Landing in Inboxes|https://www.wired.com/story/beware-a-new-google-drive-scam-landing-in-inboxes/]]|Phishing Google_Drive|
|2020.11.01|Matt Soseman|[[The NEW Attack Simulator in M365 w/ End User Training|https://www.youtube.com/watch?v=jW3vgn15aYU]]|M365 Simulation|
|2020.11.01|//Cloudberry Engineering//|[[A Practical Introduction to Container Security|https://cloudberry.engineering/article/practical-introduction-container-security/]]|Containers|
|>|>|>|!|
|>|>|>||
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.10.31|
|2020.10.31|SANS|[[How to Improve Threat Detection and Hunting in the AWS Cloud Using the MITRE ATT&CK Matrix|https://www.youtube.com/watch?v=wtB73OHAubQ]] (vidéo)|AWS ATT&CK|
|>|>|>|!2020.10.30|
|2020.10.30|DataCenter Mag[>img[iCSF/flag_fr.png]]|[[Scaleway lance Private Networks, le premier service Virtual Private Cloud|https://datacenter-magazine.fr/scaleway-lance-private-networks-le-premier-service-virtual-private-cloud/]]|Scaleway VPC|
|2020.10.30|SANS|[[How to Create a Scalable and Automated Edge Strategy in the AWS Cloud|https://www.sans.org/reading-room/whitepapers/analyst/create-scalable-automated-edge-strategy-aws-cloud-39924]]|AWS|
|2020.10.30|BetaNews|[[Why cloud security is more important than ever|https://betanews.com/2020/10/30/cloud-security-more-important-than-ever/]]|Misc|
|2020.10.30|BetaNews|[[Could your business benefit from a cloud backup solution?|https://betanews.com/2020/10/30/cloud-backup-solution/]]|Backup|
|2020.10.30|Help Net Security|[[What's next for cloud backup?|https://www.helpnetsecurity.com/2020/10/30/cloud-backup-data/]]|Backup|
|2020.10.30|Container Journal|[[What Will It Take to Shift Kubernetes Security Left? appeared|https://containerjournal.com/topics/container-security/what-will-it-take-to-shift-kubernetes-security-left/]]|K8s|
|2020.10.30|Open Container Initiative|![[Consuming Public Content|https://opencontainers.org/posts/blog/2020-10-30-consuming-public-content/]] |Containers Image Registry|
|2020.10.30|//Rewind//|[[Cybersecurity and Cloud Computing: Risks and Benefits|https://rewind.com/blog/cybersecurity-and-cloud-computing-risks-and-benefits/]]|Risks|
|2020.10.30|//StackRox//|[[StackRox + AWS + Kubernetes - A look inside our Security Hub integration|https://www.stackrox.com/post/2020/10/stackrox-aws-kubernetes-a-look-inside-our-security-hub-integration/]]|Products StackRox|
|2020.10.30|//Google GCP//|[[Understanding Data Encryption in Google Cloud|https://medium.com/google-cloud/understanding-data-encryption-in-google-cloud-c36d9095fb38]]|Comics Encryption|
|>|>|>|!2020.10.29|
|2020.10.29|CSO Online|[[14 controls for securing SAP systems in the cloud|https://www.csoonline.com/article/3586626/14-controls-for-securing-sap-systems-in-the-cloud.html]]|SAP Controls|
|2020.10.29|Container Journal|[[Policy Engines: Ensuring Configuration Security in Kubernetes|https://containerjournal.com/topics/container-security/policy-engines-ensuring-configuration-security-in-kubernetes/]]|K8s|
|2020.10.29|The Register|[[A cloud server with no network, no persistent storage, and no user access - what is AWS thinking?|https://go.theregister.com/feed/www.theregister.com/2020/10/29/aws_enclaves/]]|AWS|
|2020.10.29|Cybersecurity Insider|[[PSPs vs. OPA Gatekeeper: Breaking down your Kubernetes Pod security options|https://www.cybersecurity-insiders.com/psps-vs-opa-gatekeeper-breaking-down-your-kubernetes-pod-security-options/]]|K8s|
|2020.10.29|//Alcide//|![[Kubernetes Threat Vectors: Part 2 - Execution|https://www.alcide.io/kubernetes-threat-vectors-part-2-execution]] (2/11) |Kubernetes Threats|
|2020.10.29|//Cloud Management Insider//|[[Everything You Need To Know About AWS re:Invent 2020|https://www.cloudmanagementinsider.com/everything-you-need-to-know-about-aws-reinvent-2020/]]|AWS Conference|
|2020.10.29|//Oracle Cloud//|[[How to do Identity Management, whilst not doing Identity Management|https://blogs.oracle.com/cloudsecurity/how-to-do-identity-management%2C-whilst-not-doing-identity-management]]|ID_Management|
|>|>|>|!2020.10.28|
|2020.10.28|TL;DR Security|[[#58 - New Job ??, Burp Multiplayer, Chaos Engineering Book|https://tldrsec.com/blog/tldr-sec-058/]] |Weekly_Newsletter|
|2020.10.28|DZone|[[How to Reduce Docker Image Size|https://dzone.com/articles/how-to-reduce-docker-image-size]]|Docker|
|2020.10.28|Help Net Security|[[AttackIQ integrates Security Optimization Platform with Microsoft Azure Sentinel cloud-native SIEM platform|https://www.helpnetsecurity.com/2020/10/28/attackiq-microsoft-azure-sentinel/]]|Products SIEM|
|2020.10.28|//Cloudonaut//|![[Getting started with IPv6 on AWS|https://cloudonaut.io/getting-started-with-ipv6-on-aws/]] |AWS IPv6|
|2020.10.28|//StackRox//|[[Introducing KubeLinter - an open source linter for Kubernetes|https://www.stackrox.com/post/2020/10/introducing-kubelinter-an-open-source-linter-for-kubernetes/]]|Tools Kubernetes|
|2020.10.28|//StackRox//| → [[KubeLinter: An open source linter for Kubernetes, from StackRox|https://www.youtube.com/watch?v=KWX0sWojV_0]] (vidéo)|Tools Kubernetes|
|2020.10.28|//StackRox//| → [[kube-linter|https://github.com/stackrox/kube-linter]]|Tools Kubernetes|
|2020.10.28|Security Week| → [[StackRox Releases Open Source Tool for Finding Kubernetes Misconfigurations|https://www.securityweek.com/stackrox-releases-open-source-tool-finding-kubernetes-misconfigurations]]|Tools Kubernetes|
|2020.10.28|Container Journal| → [[StackRox Tool Prevents Kubernetes Misconfigurations|https://containerjournal.com/topics/container-management/stackrox-tool-prevents-kubernetes-misconfigurations/]]|Tools Kubernetes|
|2020.10.28|Container Journal| → [[StackRox Releases KubeLinter, an Open Source Tool to Identify Kubernetes Misconfigurations|https://containerjournal.com/news/news-releases/stackrox-releases-kubelinter-an-open-source-tool-to-identify-kubernetes-misconfigurations/]]|Tools Kubernetes|
|2020.10.28|//Tripwire//|[[4 Considerations for a Secure Cloud Environment|https://www.tripwire.com/state-of-security/featured/4-considerations-secure-cloud-environment/]]|Misc|
|2020.10.28|//CloudCheckr//|[[How to Supercharge Your Security-First Cloud Strategy in 3 Steps|https://cloudcheckr.com/cloud-security/how-to-supercharge-your-security-first-cloud-strategy-in-3-steps/]]|Misc|
|2020.10.28|//AvePoint//|[[How to Identify Sensitive Information Types in Office 365|https://www.avepoint.com/blog/protect/office-365-sensitive-data/]]|O365|
|2020.10.28|//HashiCorp//|[[Deploying Terraform Enterprise in Air Gapped Environments|https://www.hashicorp.com/blog/deploying-terraform-enterprise-in-airgapped-environments]]|Segregation|
|2020.10.28|//NeuVector//|[[13 Must-Ask Questions about Kubernetes Security in Production|https://neuvector.com/article/13-must-ask-questions-about-kubernetes-security-in-production/]]|K8s|
|2020.10.28|//Menlo Security//|[[Update on DoD's Cloud-Based Internet Isolation|https://www.menlosecurity.com/blog/update-on-dods-cloud-based-internet-isolation]]|Isolation|
|2020.10.28|//Amazon AWS//|[[AWS Nitro Enclaves - Isolated EC2 Environments to Process Confidential Data|https://aws.amazon.com/blogs/aws/aws-nitro-enclaves-isolated-ec2-environments-to-process-confidential-data/]]|AWS_Nitro|
|2020.10.30|Help Net Security| → [[AWS Nitro Enclaves: Create isolated environments to protect highly sensitive workloads|https://www.helpnetsecurity.com/2020/10/30/aws-nitro-enclaves/]]|AWS_Nitro|
|2020.10.30|//Sentia//| → [[ACM for Nitro Enclaves - It's a Big Deal|https://www.sentiatechblog.com/acm-for-nitro-enclaves-its-a-big-deal]] (1/2)|AWS_Nitro|
|2020.10.30|//Sentia//| → [[ACM for Nitro Enclaves - How Secure Are They?|https://www.sentiatechblog.com/acm-for-nitro-enclaves-how-secure-are-they]] (2/2)|AWS_Nitro|
|2020.10.28|//Trimarc Security//|[[Securing Microsoft Azure AD Connect|https://www.hub.trimarcsecurity.com/post/securing-microsoft-azure-ad-connect]]|AzureAD|
|2020.10.28|//Amazon AWS//|[[Announcing SSL/TLS certificates for Amazon EC2 instances with AWS Certificate Manager (ACM) for Nitro Enclaves|https://aws.amazon.com/about-aws/whats-new/2020/10/announcing-aws-certificate-manager-for-nitro-enclaves/]]|AWS_Nitro|
|2020.10.28|//Microsoft//|[[Back to the future: What the Jericho Forum taught us about modern security|https://www.microsoft.com/security/blog/2020/10/28/back-to-the-future-what-the-jericho-forum-taught-us-about-modern-security/]]|Governance|
|2020.10.28|//Microsoft//|[[Enable access to Microsoft Defender ATP service URLs in the proxy server|https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server]]|Microsoft_Defender ATP|
|2020.10.28|//Microsoft//| → [[URLs|https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx]]|Microsoft_Defender ATP|
|2020.10.28|Bleeping Computer| → [[Microsoft shares list of URLs required by Microsoft Defender ATP|https://www.bleepingcomputer.com/news/security/microsoft-shares-list-of-urls-required-by-microsoft-defender-atp/]]|Microsoft_Defender ATP|
|2020.10.28|//Google GCP//|[[Cloud Storage object lifecycle management gets new controls|https://cloud.google.com/blog/products/storage-data-transfer/cloud-storage-gets-new-olm-rules/]]|GCP Storage|
|>|>|>|!2020.10.27|
|2020.10.27|L'Usine Digitale[>img[iCSF/flag_fr.png]]|[[3DS Outscale ouvre une deuxième région cloud certifiée par l'Anssi|https://www.usine-digitale.fr/article/3ds-outscale-ouvre-une-deuxieme-region-cloud-certifiee-par-l-anssi.N1021159]]|France|
|2020.10.27|SecureCloudBlog|![[Correlating Azure AD logs to Office 365 workload operations With Azure Sentinel|https://securecloud.blog/2020/10/27/correlating-azure-ad-logs-to-office-365-workload-operations-with-azure-sentinel/]] |Logging AzureAD O365 Azure_Sentinel|
|2020.10.27|Rick Blaisdell|[[Choosing an Open-Source Cloud Platform|https://rickscloud.com/open-source-cloud-platform/]]|Open_Source|
|2020.10.27|GitHub|[[Code Scanning a GitHub Repository using GitHub Advanced Security within an Azure DevOps Pipeline|https://github.blog/2020-10-27-code-scanning-a-github-repository-using-github-advanced-security-within-an-azure-devops-pipeline/]]|Code_Scanning GitHub|
|2020.10.27|Container Journal|[[Aqua Security Announces the Industry's Most Advanced Kubernetes Security Solution|https://containerjournal.com/news/news-releases/aqua-security-announces-the-industrys-most-advanced-kubernetes-security-solution/]]|Products Kubernetes|
|2020.10.27|Container Journal| → [[Aqua Security Simplifies Kubernetes Security|https://containerjournal.com/topics/container-security/aqua-security-simplifies-kubernetes-security/]]|Products Kubernetes|
|2020.10.28|Help Net Security| → [[Aqua Security unveils Kubernetes-native security capabilities|https://www.helpnetsecurity.com/2020/10/28/aqua-security-kubernetes-native-security-capabilities/]]|Products Kubernetes|
|2020.10.27|Marc-Henry Geay|[[AWS Cloudtrail samples|https://dev-website.lab-terraform.mhg.ovh/aws-cloudtrail-samples.html]]|AWS_Cloudtrail|
|2020.10.27|//Red Canary//|[[A new approach to Cloud Workload Protection|https://redcanary.com/blog/cloud-workload-protection/https://redcanary.com/blog/cloud-workload-protection/]]|Workloads|
|2020.10.27|//Sysdig//|[[Understanding and mitigating CVE-2020-8566: Ceph cluster admin credentials leaks in kube-controller-manager log|https://sysdig.com/blog/falco-cve-2020-8566-ceph/]]|Vulnerability CVE-2020-8566|
|2020.10.27|//Sysdig//|[[SOC 2 compliance for containers and Kubernetes security|https://sysdig.com/blog/soc-2-compliance/]]|Compliance Containers Kubernetes|
|2020.10.27|//Akamai//|[[Akamai Edge Cloud: Scaling IoT, Part 1|https://blogs.akamai.com/2020/10/akamai-edge-cloud-scaling-iot-part-1.html]] (1/2)|IoT|
|2020.10.27|//Akamai//|[[Akamai Edge Cloud: Scaling IoT, Part 2|https://blogs.akamai.com/2020/10/akamai-edge-cloud-scaling-iot-part-2.html]] (2/2)|IoT|
|2020.10.27|//Coalfire//|[[Using Azure Blueprints to Control Azure Compliance|https://www.coalfire.com/the-coalfire-blog/october-2020/using-azure-blueprints-to-control-azure-compliance]] (1/4)|Azure Compliance|
|2020.10.27|//Anchore//|[[DevSecOps and the Next Generation of Digital Transformation|https://anchore.com/blog/devsecops-and-the-next-generation-of-digital-transformation/]]|DevSecOps|
|2020.10.27|//Intezer//|[[Migrating to the Cloud: Compliance Issues When Transitioning from a Traditional Data Center|https://www.intezer.com/blog/migrating-to-the-cloud-compliance-issues-when-transitioning-from-a-traditional-data-center/]]|Compliance|
|2020.10.27|//Google GCP//|[[What you can learn in our Q4 2020 Google Cloud Security Talks|https://cloud.google.com/blog/products/identity-security/google-cloud-security-talks-q4-2020-the-latest-in-cloud-security]]|GCP Conference|
|2020.10.27|//Google GCP//|[[Preparing Google Cloud deployments for Docker Hub pull request limits|https://cloud.google.com/blog/products/containers-kubernetes/mitigating-the-impact-of-new-docker-hub-pull-request-limits/]]|GCP Docker|
|>|>|>|!2020.10.26|
|2020.10.26|Forbes|[[[What's New In Gartner's Hype Cycle For Cloud Security, 2020|https://www.forbes.com/sites/louiscolumbus/2020/10/25/whats-new-in-gartners-hype-cycle-for-cloud-security-2020/#50e06c037bd9]]|Gartner|
|2020.10.26|Security Forum|[[[Cybersecurity, Cloud Skills: Key to Companies' Digital Transformation|https://www.securityforum.org/news/cybersecurity-cloud-skills-key-to-companies-digital-transformation/]]|Skill|
|2020.10.26|Bleeping Computer|[[[Massive Nitro data breach impacts Microsoft, Google, Apple, more|https://www.bleepingcomputer.com/news/security/massive-nitro-data-breach-impacts-microsoft-google-apple-more/]]|Data_Breach|
|2020.10.30|//Divvy Cloud//| → [[Nitro Data Breach Could Spell Trouble for Google, Apple, Microsoft and Others|https://divvycloud.com/nitro-data-breach/]]|Data_Breach|
|2020.10.26|Container Journal|[[Data Backup and Recovery Emerges as Container Issue|https://containerjournal.com/topics/container-security/data-backup-and-recovery-emerges-as-container-issue/]]|Containers Images|
|2020.10.26|Jason Ostrom|[[Building Azure Cyber Ranges for Learning and Fun|https://levelup.gitconnected.com/building-azure-cyber-ranges-for-learning-and-fun-9df1debb2eae]]|Exercise|
|2020.10.26|Ahmed Khamessi|[[Azure Policy and OPA Gatekeeper underlay for AKS|https://ahmedkhamessi.com/2020-10-26-Azure-Policy-AKS/]]|Azure AKS|
|2020.10.26|Computer Weekly|[[Oracle expands UK datacentre footprint with new private and public sector-focused cloud regions|https://www.computerweekly.com/news/252490998/Oracle-expands-UK-datacentre-footprint-with-new-private-and-public-sector-focused-regions]]|Oracle|
|2020.10.26|Marc-Henry Geay|![[Overview of AWS Logs|https://dev-website.lab-terraform.mhg.ovh/overview-of-aws-logs.html]] |AWS Logging|
|2020.10.26|//TrendMicro//|![[Supply Chain Attacks in the Age of Cloud Computing: Risks, Mitigations, and the Importance of Securing Back Ends|https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/supply-chain-attacks-cloud-computing]] ([[pdf|https://documents.trendmicro.com/assets/white_papers/supply-chain-attacks-in-the-age-of-cloud-computing.pdf]]) |Report Supply_Chain|
|2020.10.26|//Cloud Management Insider//|[[Security Best Practices for Google Cloud Users To Tackle DDoS Attacks|https://www.cloudmanagementinsider.com/how-to-prevent-ddos-attacks-on-gcp-deployments/]]|GCP DDoS|
|2020.10.26|//Alcide//|![[Microsoft's Kubernetes Threat Matrix: Here's What's Missing|https://www.darkreading.com/threat-intelligence/microsofts-kubernetes-threat-matrix-heres-whats-missing/a/d-id/1339106]] |K8s MITRE_AT&CK|
|2020.10.26|//iland//|[[Why do you need a global footprint for your cloud?|https://blog.iland.com/cloud/why-do-you-need-a-global-footprint-for-your-cloud/]]|Misc|
|2020.10.26|//Amazon AWS//|[[AWS Shield now provides global and per-account event summaries to all AWS customers|https://aws.amazon.com/about-aws/whats-new/2020/10/aws-shield-provides-global-and-per-account-event-summaries-to-all-aws-customers/]]|AWS_Shield|
|2020.04.02|//Microsoft//|[[Attack matrix for Kubernetes|https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/]]|ATT&CK Kubernetes|
|2020.10.26|//Microsoft Azure//|![[Advancing Password Spray Attack Detection|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/advancing-password-spray-attack-detection/ba-p/1276936]] |AzureAD Password_Spray|
|2020.10.27|Security Week| → [[Microsoft Introduces New Password Spray Detection for Azure|https://www.securityweek.com/microsoft-introduces-new-password-spray-detection-azure]]|AzureAD Password_Spray|
|2020.10.27|CISO Mag| → [[Microsoft's Shield Against Password Spray Attacks Just Went a Notch Higher|https://cisomag.eccouncil.org/password-spray-attack-detection/]]|AzureAD Password_Spray|
|2020.10.26|//Oracle Cloud//|[[Comparing the Top 20 Security Controls from CIS to DevSecOps|https://blogs.oracle.com/cloudsecurity/comparing-the-top-20-security-controls-from-cis-to-devsecops]]|DevSecOps Controls|
|2020.10.26|//Threatpost//|[[Containerd Bug Exposes Cloud Account Credentials|https://threatpost.com/containerd-bug-cloud-account-credentials/160546/]]|Vulnerability CVE-2020-15157|
<<tiddler [[arOund0C]]>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202010>>
<<tiddler fAll2Tabs10 with: VeilleM","_202010>>
|!Date|!Sources|!Titres et Liens|!Keywords|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Octobre 2020]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202010>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Octobre 2020]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Octobre 2020]]>><<tiddler fAll2LiTabs13end with: 'Actu","202010'>>
<<tiddler fAll2LiTabs13end with: 'Blog","202010'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Octobre 2020]]>>
<<tiddler fAll2LiTabs13end with: 'Publ","202010'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Octobre 2020]]>>
!//Five Actions to Mitigate the Financial Damage of Ransomware//
[>img(150px,auto)[iCSA/KAUBF.jpg]]^^Article publié le 30 octobre 2020 sur le blog de la CSA, et le 27 mai 2020 sur le site de Asiga.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/30/five-actions-to-mitigate-the-financial-damage-of-ransomware/
* Site TokenEx ⇒ https://www.asigra.com/press-releases/asigra-presents-five-preventative-and-responsive-best-practices-mitigate-ransomware

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//6 Data Governance Best Practices in 2020//
[>img(150px,auto)[iCSA/KARB6.jpg]]^^Article publié le 20 octobre 2020 sur le blog de la CSA, et le 28 octobre 2019 (sic) sur le site de TokenEx.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/27/6-data-governance-best-practices-in-2020/
* Site TokenEx ⇒ https://www.tokenex.com/blog/6-data-governance-best-practices-in-2020

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Vendor Management Software Evaluation: How to Get Executive Buy-In//
[>img(150px,auto)[iCSA/KANBV.jpg]]^^Article publié le 23 octobre 2020 sur le blog de la CSA, et le 14 octobre sur le site de Whistic.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/23/vendor-management-software-evaluation-how-to-get-executive-buy-in/
* Site Whistic ⇒ https://www.whistic.com/resources/how-to-get-executive-buy-in

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Mobile Application Security Testing (MAST) - Charter//
<<<
//Mobile Applications are becoming an integral part of not just modern enterprises but also of human existence and a huge part of this shift is due to the emergence of cloud computing. Cloud computing has allowed for the instantaneous utilization of applications which imparts tremendous agility to the enterprise.//
<<<
__Lien __
* Annonce → https://cloudsecurityalliance.org/artifacts/mobile-application-security-testing-mast-charter/
* Téléchargement (PDF) → https://cloudsecurityalliance.org/download/artifacts/mobile-application-security-testing-mast-charter/

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Data Privacy vs. Data Security: What is the Core Difference?//
[>img(150px,auto)[iCSA/KAKBD.jpg]]^^Article publié le 20 octobre 2020 sur le blog de la CSA, et le 7 juillet 2020 sur le site de TokenEx.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/20/data-privacy-vs-data-security-what-is-the-core-difference/
* Site TokenEx ⇒ https://www.tokenex.com/blog/data-privacy-vs-security

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//How secure are your SaaS applications?//
[>img(150px,auto)[iCSA/KAJBH.jpg]]^^Article publié le 19 octobre 2020 sur le blog de la CSA, et sur le site d'AppOmni.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/19/how-secure-are-your-saas-applications/
* Site AppOmni ⇒ https://appomni.com/blog-how-secure-are-your-saas-applications/

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Cloud Security Alliance Announces Recipients of 2020 Ron Knode Service Awards//
[>img(150px,auto)[iCSF/cloud-security-alliance.png]]^^Communiqué de presse de la CSA publié le 7 octobre 2020.
__Liens :__
* Communiqué de presse de la CSA ⇒ https://cloudsecurityalliance.org/press-releases/2020/10/07/cloud-security-alliance-announces-recipients-of-2020-ron-knode-service-awards/

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Complementing Your CSPM with Runtime Cloud Workload Protection//
[>img(150px,auto)[iCSA/KA7BC.jpg]]^^Article publié le 7 octobre 2020 sur le blog de la CSA, et sur le site d'Intezer le 10 septembre 2020 et déjà mentionnné dans la veille pour son intérêt.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/07/complementing-your-cspm-with-runtime-cloud-workload-protection/
* Site Intezer ⇒ https://www.intezer.com/blog/cloud-security/complementing-your-cspm-with-runtime-cloud-workload-protection/

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Improving Data Security for SaaS Apps - 5 Key Questions every CISO needs to ask//
[>img(150px,auto)[iCSA/KA6BI.jpg]]^^Article publié le 6 octobre 2020 sur le blog de la CSA, et sur le site de CipherCloud le 4 mai 2019 (sic).
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/05/aws-security-best-practices-cloud-security-report-2020-for-infosec/ /% ''[[CloudSecurityAlliance.fr/go/§sGO-CSA§/|https://CloudSecurityAlliance.fr/go/§GO-CSA§/]]'' %/
* Site CipherCloud ⇒ https://www.ciphercloud.com/maintaining-data-security-during-cloud-adoption-5-questions-cios-need-to-ask/

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//AWS Security Best Practices: Cloud Security Report 2020 for InfoSec//
[>img(auto,113px)[iCSF/KA5B2.jpg]][>img(150px,auto)[iCSA/KA5BA.jpg]]^^Article publié le 5 octobre 2020 sur le blog de la CSA, et sur le site de Cloud Passage le 15 septembre 2020.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/05/aws-security-best-practices-cloud-security-report-2020-for-infosec/ /% ''[[CloudSecurityAlliance.fr/go/§sGO-CSA§/|https://CloudSecurityAlliance.fr/go/§GO-CSA§/]]'' %/
* Site Cloud Passage ⇒ https://www.cloudpassage.com/articles/aws-security-best-practices-aws-cloud-security-report-2020/ /% ''[[CloudSecurityAlliance.fr/go/§sGO-SITE§/|https://CloudSecurityAlliance.fr/go/§sGO-SITE§/]]'' %/

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//No Free Rides With Your OAuth Tokens//
[>img(150px,auto)[iCSA/KA3BN.jpg]]^^Article publié le 3 octobre 2020 sur le blog de la CSA.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/03/no-free-rides-with-your-oauth-tokens/

^^[img(25%,1px)[iCSF/BluePixel.gif]]
[>img(300px,auto)[iCSF/KAIWG.png]]La conférence ''Google Cloud 'Security Talks 2020''' se déroulera le 18 novembre 2020 en ligne de 18h à 22h (heure française)

|>|!Agenda|
|18h00 à 18h20|!Google Cloud - Latest Security Updates|
|~|Intervenants : Robert Sadowski, Sunil Potti|
|~|Lien → [[inscription|https://cloudonair.withgoogle.com/events/security-talks-november-2020?talk=latest-updates]]|
|18h20 à 19h00|!Office of the CISO presents: Moving to cloud - A chance to finally transform your security|
|~|Intervenants : Dave Hannigan, Jeanette Manfra, Anton Chuvakin|
|~|Lien → [[inscription|https://cloudonair.withgoogle.com/events/security-talks-november-2020?talk=transform-security]]|
|19h00 à 19h30|!An introduction to security in Google Workspace|
|~|Intervenants : Karthik Lakshminarayanan, Kelly Waldher|
|~|Lien → [[inscription|https://cloudonair.withgoogle.com/events/security-talks-november-2020?talk=intro-security-google-workspace]]|
|19h30 à 20h00|!The Future of Network Security is in the Cloud|
|~|Intervenants : Peter Blum, Shailesh Shukla|
|~|Lien → [[inscription|https://cloudonair.withgoogle.com/events/security-talks-november-2020?talk=future-network-security]]|
|20h00 à 20:30|!The Gamechanger - Confidential GKE Nodes in GCP|
|~|Intervenants : Sam Lugani, Ibrahim Damlaj|
|~|Lien → [[inscription|https://cloudonair.withgoogle.com/events/security-talks-november-2020?talk=the-gamechanger]]|
|20:30 à 21:00|!Improve your security posture with the Security Command Center|
|~|Intervenants : Kathryn Shih, Timothy Peacock|
|~|Lien → [[inscription|https://cloudonair.withgoogle.com/events/security-talks-november-2020?talk=improve-security-posture]]|
|21h00 à 21:30|!The Better Fit: Key Management vs. Secret Management|
|~|Intervenants : Anton Chuvakin, Seth Vargo|
|~|Lien → [[inscription|https://cloudonair.withgoogle.com/events/security-talks-november-2020?talk=the-better-fit]]|
|21h:30 à 22:00|!Google Cloud Security Showcase|
|~|Intervenant : Sam Lugani|
|~|Lien → [[inscription|https://cloudonair.withgoogle.com/events/security-talks-november-2020?talk=security-showcase]]|

__Liens :__
* Présentation et inscriptions → https://cloudonair.withgoogle.com/events/security-talks-november-2020
<<tiddler [[arOund0C]]>>
!"//Cloud Security: The Necessity of Threat Hunting//"
Article publié le 28 octobre 2020 — Rédigé par le Chapitre du Minnesota+++^*[»] https://www.csamn.com/ === //
<<<
!!!What is threat hunting?
[<img(200px,auto)[iCSA/KASBC.jpg]]Threat hunting is the proactive search for real and potential threats that may be hidden in a network's environment. These threats are tricky and malicious and are designed to pass through endpoint defenses undetected. If unfound, these attacks can compromise critical data, even gaining access across your entire environment. While traditional security programs are important, threat hunting goes above and beyond by identifying and ultimately helping to remediate vicious attacks.
!!!Why It Needs to Matter to YOU
This is where YOU come in. The best front-line, security defense starts with the individual. As a security professional, you must know the best practices of the industry and be aware of existence and tendencies of these (and other) types of attacks. At Cloud Security Alliance (CSA), we aim to raise awareness of best practices to help ensure a secure cloud computing environment.
Each year there are an increasing amount of cloud security roles within organizations. No matter what your security focus is, having an understanding of how a threat actor thinks, how they operate, vulnerabilities they exploit along with an overview of the tools they use for attacks will allow you to be a more effective security professional. Having a better understanding from a threat actor point of view, whether deep or high-level, will assist you and your career in the following ways:
* Enable you to better explain security decisions to your peers, work colleagues and leaders.
* Promote better and more informed decision-making practices.
* Open the door to new opportunities and career paths.
* Share experiences by mentoring our next generation of security professionals.
!!!What YOU Can Do
First, it is crucial that you know what "normal" looks like on your network. This is where you need to create a baseline, so comparison is easier. Anything not considered normal should immediately raise a red flag. Additionally, try to remain unbiased and do not let any preconceived notions affect your judgement of what normal looks like. Anything unordinary should be flagged for investigation or potential remediation.
Knowing what normal looks like on your network is a great baseline to begin threat hunting, however, it is just the beginning. Knowledge is power, as they say, and a security professional can never be overly informed. That is why CSA has partnered with RSA. With this partnership, RSA will begin to offer ongoing virtual threat hunting workshops. These workshops will cut through all the nonsense and give you real-world, practical, hands-on knowledge of why threat hunting is a critical part of any security program and give you the tools you need to stop the most malicious attacks.
To sign-up for the Hands On Threat Hunting Workshop please follow the instructions on the following page+++^*[»] https://www.csamn.com/rsa-event === 
<<<
//__Liens :__
* Article sur le site de la CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/28/cloud-security-the-necessity-of-threat-hunting/
!!//Congrès CSA EMEA 2020//
[>img(230px,auto)[iCSA/KB3CE.jpg]]Le Congrès EMEA ne pouvant pas se dérouler à Berlin, comme initialement prévu. il se déroulera en ligne.
Les dates et heures sont les suivantes :
* les ''3, 4 et 5 novembre 2020''
* 5 présentations par jour entre 9h00 et 13h00
Pour suivre ces présentations, la plateforme BrightTalk est de nouveau utilisée. Elle permet de les revoir quelques jours après la diffusion initiale.

L'agenda complet et les liens d'inscription sont ci-dessous.
|>|>|!Mardi 3 novembre 2020 |
|>|>|//Attendees will learn to improve their organization's cloud governance and risk and compliance posture, in addition to promoting transparency and continuous compliance with...//|
| 9:00|!CSA's Perspective on Cloud Risk Management|[img(200px,auto)[iCSA/KB3W1.png]]|
|~|Inscription → [[brighttalk/csas-perspective-on-cloud-risk-management|https://www.brighttalk.com/webinar/csas-perspective-on-cloud-risk-management/]]|~|
| 10:00|!The Correlation Between Security Ratings and Breach Likelihood|[img(200px,auto)[iCSA/KB3W2.png]]|
|~|Inscription → [[brighttalk/442730|https://www.brighttalk.com/webinar/the-correlation-between-security-ratings-and-breach-likelihood/]]|~|
| 10:45|!GAIA-X: Current Status and Outlook - What to Expect and How to Engage|[img(200px,auto)[iCSA/KB3W3.png]]|
|~|Inscription → [[brighttalk/442733|https://www.brighttalk.com/webinar/cloud-security-post-covid-19-where-to-go-next/]]|~|
| 11:30|!Cloud Security post Covid-19, Where to Go Next|[img(200px,auto)[iCSA/KB3W4.png]]|
|~|Inscription → [[brighttalk/442739|https://www.brighttalk.com/webinar/using-opa-for-continuous-compliance-with-cloud-infrastructure-policy-as-code/]]|~|
| 12:15|!Using OPA for Continuous Compliance with Cloud Infrastructure Policy-as-Code|[img(200px,auto)[iCSA/KB3W5.png]]|
|~|Inscription → [[brighttalk/442742|https://www.brighttalk.com/webinar/using-opa-for-continuous-compliance-with-cloud-infrastructure-policy-as-code/]]|~|
|>|>|!|
|>|>||
|>|>|!Mercredi 4 novembre 2020 |
|>|>|//Modernization of one's approach to the cloud is the day's focus. Attendees will learn how to improve their architecture, implement automations, and prepare for emerging technologies with...//|
| 9:00|!Get Quantum Safe|[img(200px,auto)[iCSA/KB4W1.png]]|
|~|Inscription → [[brighttalk/442756|https://www.brighttalk.com/webinar/get-quantum-safe/]]|~|
| 9:45|!Shared Responsibility: Someone Else's Problem|[img(200px,auto)[iCSA/KB4W2.png]]|
|~|Inscription → [[brighttalk/442761|https://www.brighttalk.com/webinar/shared-responsibility-someone-elses-problem/]]|~|
| 10:30|!STAR Future Roadmap|[img(200px,auto)[iCSA/KB4W3.png]]|
|~|Inscription → [[brighttalk/star-future-roadmap|https://www.brighttalk.com/webinar/star-future-roadmap/]]|~|
| 11:15|!Unveiling the Wonder of Automated Vulnerability Management in the Cloud|[img(200px,auto)[iCSA/KB4W4.png]]|
|~|Inscription → [[brighttalk/442765|https://www.brighttalk.com/webinar/unveiling-the-wonder-of-automated-vulnerability-management-in-the-cloud/]]|~|
| 12:00|!A Referenced Architecture to Modernize Your Approach to Cloud|[img(200px,auto)[iCSA/KB4W5.png]]|
|~|Inscription → [[brighttalk/442767|https://www.brighttalk.com/webinar/a-referenced-architecture-to-modernize-your-approach-to-cloud/]]|~|
| 12:45|!What You Need to Know About Credential Stuffing Attacks|[img(200px,auto)[iCSA/KB4W6.png]]|
|~|Inscription → [[brighttalk/449138|https://www.brighttalk.com/webinar/what-you-need-to-know-about-credential-stuffing-attacks/]]|~|
|>|>|!|
|>|>||
|>|>|!jeudi 5 novembre 2020 |
|>|>|//Participants will discover how to navigate the cloud for third-party risk, Zero Trust and Fog computing, and preview the first cloud auditing credential on the final day...//|
| 9:00|!Cloud Control Matrix V4|[img(200px,auto)[iCSA/KB5W1.png]]|
|~|Inscription → [[brighttalk/442772|https://www.brighttalk.com/webinar/cloud-control-matrix-v4/]]|~|
| 10:00|!A How-To Guide: Navigating the Top 7 Trends in Third-Party Risk Management|[img(200px,auto)[iCSA/KB5W2.png]]|
|~|Inscription → [[brighttalk/a-how-to-guide-navigating-the-top-7-trends-in-third-party-risk-management|https://www.brighttalk.com/webinar/a-how-to-guide-navigating-the-top-7-trends-in-third-party-risk-management/]]|~|
| 10:45|!The Impact of Fog Computing and Edge Computing on Cloud Security|[img(200px,auto)[iCSA/KB5W3.png]]|
|~|Inscription → [[brighttalk/442778|https://www.brighttalk.com/webinar/the-impact-of-fog-computing-and-edge-computing-on-cloud-security/]]|~|
| 11:30|!Zero Trust: The Key to your IAM Success|[img(200px,auto)[iCSA/KB5W4.png]]|
|~|Inscription → [[brighttalk/zero-trust-the-key-to-your-iam-success|https://www.brighttalk.com/webinar/zero-trust-the-key-to-your-iam-success/]]|~|
| 12:15|!CCAK: The industry's first global cloud auditing credential|[img(200px,auto)[iCSA/KB5W1.png]]|
|~|Inscription → [[brighttalk/442780|https://www.brighttalk.com/webinar/ccak-the-industrys-first-global-cloud-auditing-credential/]]|~|

__Liens :__
* Annonce CSA → https://cloudsecurityalliance.org/press-releases/2020/09/29/registration-open-for-cloud-security-alliance-emea-congress-2020/
* Inscription sur le site de BrightTalk → https://www.brighttalk.com/summit/4835-cloud-security-alliance-emea-congress-2020/
!"//Blockchain attacks, vulnerabilities and weaknesses//"
Article publié le 26 octobre 2020 — Rédigé par Kurt Seifried, Chief Blockchain Officer, CSA//
<<<
!!!Blockchain attacks are very hot right now for one simple reason: it's where the money is.
[>img(175px,auto)[iCSA/KAQB1.png]][<img(200px,auto)[iCSA/KAQBB.png]]If you attack and compromise a database you need to take that data and then sell it to monetize your attack. If you compromise a web server you need to install some malware to harvest credit card details, and then monetize that data by selling it. But if you steal crypto currency? That's literally money in the attackers wallet now.

The good news: law enforcement is getting better at tracing these transactions and following the money, the bad news: the blockchain industry is not very mature when it comes to identifying vulnerabilities and weaknesses.

Attacks rely on a vulnerability being present so that they can exploit it. These vulnerabilities are implemented in software (web services, smart contracts, the underlying blockchain system, etc.) and can be any number of weaknesses such as logic bugs, reentrancy issues, integer overflows and so on.
!!!There is no comprehensive list of Blockchain weaknesses
And there is no comprehensive public list of weaknesses. There are a number of projects trying to do this, the US Government Department of Homeland Security actually sponsors one such effort, the Common Weakness Enumeration database (https://cwe.mitre.org/) database and there is a Solidity focuses Smart Contract Weakness Classification and Test Cases available from the SWC Registry (https://swcregistry.io/).
!!!Why is a public list of such weaknesses important?
[>img(500px,auto)[iCSA/KAQB2.png]]Simple. How do you find and fix weaknesses in software if you don't have a name to call them, let alone the ability to properly describe the weakness and possible mitigations or solutions to them? Also like most things in life given the choice between using a public database or building your own data set most security scanning tools use the CWE database as their baselines for security flaws that they try to detect and offer guidance on remediating.

This means that Blockchain and smart contract security scanning tools will (probably) detect common and known issues like integer overflows and memory leaks. But they may not detect Blockchain and smart contract specific vulnerabilities as well since there is no good, comprehensive, public database to use as a source.
!!!CSA's has documented over 200 Blockchain weaknesses
The CloudSecurityAlliance is of course working on this issue, we currently have a rough list of almost 200 weaknesses that apply to Blockchain and smart contracts, and about half of which are not in any other public database of weaknesses. You can view the full list of Blockchain weaknesses here+++^*[»] https://docs.google.com/spreadsheets/d/1HIM3BH8Cgth27ED4ruy9fXOpbOUAPAGY7merlZiE6_U/edit#gid=1028635246 === You can view the full list of Blockchain weaknesses here+++^*[»] https://docs.google.com/spreadsheets/d/1HIM3BH8Cgth27ED4ruy9fXOpbOUAPAGY7merlZiE6_U/edit#gid=1028635246 === 

The goal is to make this list of weaknesses more detailed and comprehensive, and encourage other public databases (such as CWE or SWC Registry) to include then so that ultimately automated tools will include support for them, making it easier for developers and end users to find, understand and fix vulnerabilities because attackers find and exploit them. If you are interested in joining this project please reach out to us, specifically the Attack Vectors/terms glossary sub Working Group, for more information please see https://csaurl.org/DLT-Security-Framework_sub_groups
!!Preview of Blockchain Weaknesses
|!Name of weakness |!Description |
|API Exposure |If an API is improperly exposed an attacker can attack it |
|Block Mining Race Attack |A variation on the Finney attack |
|Block Mining Timejack Attack |By isolating a node the time signal can be manipulated getting the victim out of synchronization |
|Block Reordering Attack |Certain cryptographic operations (such as using CBC or ECB incorrectly) allow blocks to be re-ordered and the results will still decrypt properly |
|Blockchain Network Lacks Hash Capacity |The Blockchain/DLT network lacks hashing capacity, an attacker can rent sufficient hashing power to execute a 51% Attack |
|Blockchain Peer flooding Attack |By creating a large number of fake peers in a network (peer to peer or otherwise) an attacker can cause real nodes to slow down or become non responsive as they attempt to connect to the newly announced peers. |
|Blockchain Peer flooding Attack Slowloris variant |By creating a large number of slow peers (real systems that respond very slowly to network requests) in a network an attacker can cause real nodes to slow down or become non responsive as they attempt to connect to the newly announced peers. Unlike fake peers that do not exist these slowloris peers are real but communicate slowly enough to hold sockets and resources open for minutes or hours. |
|Blockchain reorgani