The hottest Cloud Security Substack posts right now

And their main takeaways

Resilient Cyber Newsletter #14

Resilient Cyber • 59 implied HN points • 17 Sep 24

Cyber attacks on U.S. infrastructure have surged by 70%, affecting critical sectors like healthcare and energy. This is causing bigger risks because these sectors are tied to essential services.
Wiz has introduced 'Wiz Code' to improve application security by connecting cloud environments to source code and offering proactive ways to fix security issues in real-time.
There's a growing crisis in the cybersecurity workforce, with many claiming there are numerous jobs available while many professionals feel unprepared for the roles. This highlights the disconnect between job openings and real-world experience.

The State of Non-Human Identity (NHI) Security

Resilient Cyber • 59 implied HN points • 12 Sep 24

🕹 Technology Cybersecurity Cloud Security Data Protection Identity Management

Organizations feel anxious and lack confidence in securing Non-Human Identities, mainly because they know about the risks but don't have good strategies to manage them.
Many companies struggle with basic security practices like managing service accounts and API keys, which puts them at risk since they often don't review permissions regularly.
There is a strong interest in investing in better tools and solutions for NHI security, as businesses recognize their current weaknesses and want to improve their defenses.

Resilient Cyber Newsletter #5

Resilient Cyber • 79 implied HN points • 16 Jul 24

🕹 Technology Cybersecurity AI Security Cloud Security Vulnerability Management Federal Policy

CISA's Red Team was able to infiltrate a federal agency and remain undetected for five months, highlighting vulnerabilities in government cybersecurity practices.
The U.S. Office of Management and Budget has published new cybersecurity priorities for FY26, focusing on modernizing defenses and improving open-source software security.
Google is close to acquiring the cloud security company Wiz for $23 billion, a move that could strengthen its position against competitors like Microsoft and AWS.

Resilient Cyber Newsletter #2

Resilient Cyber • 39 implied HN points • 25 Jun 24

🕹 Technology Cybersecurity AI Cloud Security Risk management Vulnerability Management

Companies need to be careful about how much they share regarding their cyber insurance. Revealing this information might make them targets for attackers.
The role of a CISO is changing and becoming more business-focused. Many believe they should focus on leadership rather than just technical tasks.
AI can help improve cybersecurity, but there are also concerns about its use by attackers. It's important to explore how AI can enhance our defenses.

Resilient Cyber Newsletter #3

Resilient Cyber • 19 implied HN points • 02 Jul 24

🕹 Technology Cybersecurity Software Cloud Security AI Security Open Source

There is no clear standard for 'reasonable' cybersecurity in the U.S., making it hard to hold organizations accountable for data breaches. This means it's important to define what basic security should look like.
The role of Chief Information Security Officers (CISOs) is evolving and there's discussion about possibly splitting their responsibilities. However, many believe that a strong CISO needs both technical skills and business understanding to be effective.
Supply chain attacks are growing and affecting numerous organizations and open-source projects. This highlights the need for better security practices since many important projects are maintained by volunteers and are often under-resourced.

Get a weekly roundup of the best Substack posts, by hacker news affinity:

Top 10 Cybersecurity Misconfigurations

Resilient Cyber • 179 implied HN points • 15 Oct 23

🕹 Technology Cybersecurity Information Systems Cloud Security Network Security Data Protection

Many data breaches happen because of misconfigurations. This means that fixing these issues is often more important than just finding software vulnerabilities.
Organizations need to regularly update their software and manage user privileges better. This can help prevent attackers from taking advantage of weak points in the system.
Monitoring network activity is crucial. Without it, businesses may not realize they are being attacked and might suffer more damage.

What vulnerabilities were malicious actors focused on in 2022?

Resilient Cyber • 199 implied HN points • 14 Aug 23

🕹 Technology Cybersecurity Software Vulnerabilities Risk management Cloud Security

Malicious actors focused heavily on Microsoft vulnerabilities in 2022, highlighting the importance for organizations to stay updated with security patches.
Vendors and developers should identify often exploited vulnerabilities and hold business leaders responsible for security practices.
End-user organizations need to enforce strong security measures, like multi-factor authentication, and continuously monitor their systems to protect against possible threats.

Why Biden's 'Cyber Trust Mark' is nonsense

Cybersect • 58 implied HN points • 21 Jul 23

🕹 Technology Cybersecurity IOT Cloud Security

Mainstream news stories about the 'Cyber Trust Mark' lack critical viewpoints.
The cybersecurity industrial complex prioritizes control over actual security.
There is no significant IoT cybersecurity issue; security is a tradeoff that the industry overlooks.

Want to help me upgrade digital identity?

Steve Kirsch's newsletter • 4 implied HN points • 01 Feb 25

🕹 Technology Digital Identity Cryptography Cloud Security Privacy

Usernames and passwords are outdated. A new method of digital identity would make online security simpler and safer.
You can manage your identity without needing to remember complicated passwords or codes. Just an alias is all you need.
There’s a need for experts in cryptography and cloud security to help create a more secure and self-sovereign identity system.

The why and how of SaaS Governance

Resilient Cyber • 39 implied HN points • 06 Feb 23

🕹 Technology Cloud Security Cybersecurity Risk management Compliance

Organizations need a solid plan to manage the security risks associated with their wide use of Software as a Service (SaaS). This includes knowing what SaaS applications they use and applying security measures.
Many companies focus heavily on securing their infrastructure services like AWS or Azure, but they often overlook the significant risks that come with SaaS applications. This can lead to security breaches.
It's important for businesses to understand the shared responsibility model in cloud security and realize that while SaaS providers handle some security, the ultimate responsibility for data protection still lies with the organization.

Issue #50

Infra Weekly Newsletter • 13 implied HN points • 11 Jun 23

🕹 Technology Infrastructure Cloud Security Application Security Documentation

Release Management for Snaps Made Simpler with progressive release feature
Technical deep-dive into a real-time kernel from Ubuntu explained by Edoardo Barbieri
Deploy a Kubernetes Development Environment with Kind guide for setting up local Kubernetes clusters

2022 M&A in Cybersecurity

The Security Industry • 15 implied HN points • 02 Apr 23

🕹 Technology Cybersecurity Mergers & Acquisitions Public Companies Private Equity Cloud Security

In 2022, the cybersecurity industry saw 332 acquisitions, with the largest deal being VMware acquired by Broadcom for $60 billion.
Most of the acquisitions in 2022 were strategic, where one vendor acquired another, like Google buying Mandiant.
Special Purpose Acquisition Corps (SPACs) were used for acquiring cybersecurity companies, with notable large deals taking advantage of lower valuations.

Issue #84

Infra Weekly Newsletter • 4 implied HN points • 11 Mar 24

🕹 Technology Data Storage Cloud Security Programming Networking Development Tools

EchoVault is a distributed data store using the RAFT consensus protocol and Go, providing various data structures.
Microsoft's AI Team's exposure of 38TB data raises concerns on cloud security, emphasizing the need for stronger preventive measures.
In the tech world, learning about RISC-V's importance to Java and tools like bpftop for optimizing eBPF performance can enhance your knowledge and skills.

Developers don't care about security

Frankly Speaking • 4 HN points • 25 Jan 24

🕹 Technology Cloud Security DevOps Digital Transformation

Developers are not usually interested in security tools and may not prioritize security.
The shift to cloud environments has made security a challenge, as traditional security tools are seen as obstacles.
To improve security in DevOps, companies need easy-to-deploy security tools that align with developer workflows.

Issue #35

Infra Weekly Newsletter • 9 implied HN points • 13 Feb 23

🕹 Technology Infrastructure Open Source Cloud Security DevOps Hosting

Rust Linux 6.3 brings better performance, security, and stability
GCC 13's Rust Language Front-End is not fully useful yet for most Rust developers
Intel's DOIT project focuses on Open-Source technology for IoT devices

AsiaInfo Security acquired SafeDog to enhance Cloud Security Portfolio

CyberSecurityMew • 0 implied HN points • 20 Oct 23

🕹 Technology Cybersecurity Cloud Security Acquisition

AsiaInfo Security acquired SafeDog to enhance their cloud security portfolio by integrating capabilities and technologies, creating a comprehensive cloud security system.
AsiaInfo Security's acquisition will boost their position in the domestic cloud security sector, making them a leading network security company in this area.
The collaboration between AsiaInfo Security and SafeDog is a strategic decision that aligns their cloud security products, technology, and market focus, promising innovative development and business expansion.