Amazon GuardDuty now protects Amazon EKS + Google Cloud has released the Virtual Machine Threat Detection tool

February 9, 2022
  • Google Cloud has released the Virtual Machine Threat Detection tool as part of their Security Command Center for Premium customer. According to Google’s blog this “is a first-to-market detection capability from a major cloud provider that provides agentless memory scanning to help detect threats like cryptomining malware inside your virtual machines running in Google Cloud.” In the latest Google Cybersecurity Action Team Threat Horizons Report, Google reported that they saw 86% of compromised cloud instances were used to perform cryptocurrency mining. VMTD is one of the ways google hopes to protect Google Cloud Platform customers against growing attacks like coin mining, data exfiltration, and ransomware.  For those familiar with AWS Guardduty, how does this compare – share with us on linkedin, twitter or on our website. You can read Google Cloud’s announcement here. 
  • Being a Cloud Security Enthusiast, you are probably familiar with the Cloud Security Alliance, they are well known for defining standards, certifications, and best practices for security cloud environments. This week they have released DevSecOps – Pillar 4 Bridging Compliance and Development as part of the DevSecOps Six Pillars series. This document focuses on how compliance can be automated and better relate to security requirements. The document summarizes that “Before DevSecOps, risk-related requirements were difficult to translate into security activities – The increasing speed and frequency of deployments in application development today mandated a solution that was efficient and more automated without compromising security and quality”. You can access the full document here. We would love to hear your thoughts about this pillar, so please share your views with us.
  • Security Researcher Harsh Jaiswal received a bounty award of $17,576 for whats been described as a “pretty simple” but critical SSRF related to HelloSign’s Google Drive Docs export feature. Dropbox’s security team in a bug thread on HackerOne reported that the researcher pointed out that HelloSign’s Google Drive doc export feature had a URL parsing issue that could allow extra parameters to be passed to Google Drive API. By making use of an extra parameter in the Google Drive API, it was possible for researchers to force HelloSign to parse external JSON data which leads to an SSRF attack. They further confirmed that they have now updated the parser to securely make a request which mitigates the vulnerability. You can read more about the security team’s response here and the vulnerability report here.
  • More in the world of Bug Bounty, Cloudflare, a Silicon Valley provider of content delivery network (CDN) and DDoS mitigation services has launched a public bug bounty program, further to their invite-only program in place since 2018. “Critical bugs will command payouts of $3,000, high severity flaws can earn researchers up to $1,000, medium risk vulnerabilities will net them a potential $500, and low risk issues will attract $250 payouts.” The new program launched on Feb 1st, 2022 and will be hosted by HackerOne and has all Cloudflare’s assets in scope. In their blog post they reported they believe bug bounties are a vital part of every security team’s toolbox and have been working hard on improving and expanding our private bug bounty program over the last few years. The first iteration of their bug bounty was a pure vulnerability disclosure program without cash bounties. In 2018, they added a private bounty program and are now taking the next step to a public program. You can find out more about the program here
  • Last but definitely not the least – something that been doing the rounds on twitter – Amazon GuardDuty now protects Amazon Elastic Kubernetes Service clusters. A couple of weeks ago Amazon GuardDuty  expanded coverage to continuously monitor and profile Amazon Elastic Kubernetes Service (Amazon EKS) cluster activity to identify malicious or suspicious behavior that represents potential threats to container workloads. This was originally enabled by default, however ​​based on customer feedback, for current Amazon GuardDuty customers, AWS will no longer enable by default GuardDuty for EKS Protection. All existing GuardDuty customers that had EKS Protection enabled were in a free usage period until Monday February 7, 2022, at which time GuardDuty for EKS Protection was no longer on, and will remain off by default. Customers can now choose to re-enable GuardDuty for EKS Protection at the time of their choosing with a few clicks in the Amazon GuardDuty console or through the APIs. You can read more about this here

This episode is brought to you by JupiterOne

Jupiter One Logo
JupiterOne logo

Recommend a topic

Partner with us

Join the team

Enjoying our content? Don't forget to subscribe!