TLS, HTTPS. These are an important step in defence in depth. Get your entire domain on the HTTPS-only list at hstspreload.org; thank me later.
GitHub ransomware. It might be a misdirection to hide more surreptitious changes to the codebase that you will then import into your cloud.
Your virtual-private-cloud private IP setup still has access to key APIs such as storage and messaging. Have you considered exfiltration through these?
Your shiny new cloud instances might be tarnished by the reputation of the last tenant.
Use Shodan to check, and GreyNoise to see if it's above the norm.
And above all, don’t panic!
Docker Hub loses account info and deploy tokens for GitHub and Bitbucket. Supply-chain security chaos should ensue. Or are we now too blasé? It's not me, right?
Passwords: bits of plain text that end up everywhere in automated systems. etcd: a `secure` way to share secrets. The Internet: a place where everything is guaranteed to end up. This is a toxic brew; read on!
Wide-open Elasticsearch on the Internet. It's common. The user usually believes that since they use a private IP (NAT) they are protected. Wrong.
Bad code can come in through our own import statements and software process. Do you run an egress firewall to protect the world from yourself?
GitLab is an excellent continuous integration platform. Adding static application security testing (SAST) makes it better. Let's try it without making changes to the container under test.
Use your desktop Chrome to find software with security flaws on the sites you visit. Then fix (if your own) or notify (if not). Be part of the security solution.