Captain's Log, Stardate 2021.05.28


Captain's Log, Stardate is an ongoing series, published every Friday, highlighting interesting cyber news from the past week. To continue the discussion on any of these topics, join us on Slack.


17 Ways to Run Containers on AWS | Last Week in AWS
There are 17 ways to run containers on AWS. While I pulled the number “17” out of the air, I have it on good faith that this caused something of a “meme explosion” inside of AWS. To that end, I can do no less but to enumerate the 17 container options, along with (and this is where I deviate from AWS itself) providing guidance and commentary as to which you should choose for a given task.

#85 - Machine Learning, GraphQL, and Modern Static Analysis | tl;dr sec

"One thing that consistently makes me smile is well done snark about the security industry. As someone in infosec and whose melanin levels cause the sun to be a mortal enemy (not uncorrelated variables), this diagram by Kelly Shortridge made me feel #seen." - Clint Gibler

BazaLoader Attackers Create Fake Movie Streaming Site to Trick Victims | Dark Reading
The criminals behind a recent malware campaign are using an elaborate infection chain that includes creation of a fake movie streaming website. Proofpoint researchers report the attackers associated with BazaLoader malware have created a convincing fake site for a service called BravoMovies, which goes so far as to display fake movie titles on the landing page.

DHS releases new cybersecurity guidelines for pipelines after Colonial attack | ZDNet
Last week, someone began posting classified notices on LinkedIn for different design consulting jobs at Geosyntec Consultants, an environmental engineering firm based in the Washington, D.C. area. One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true.

Modern Visibility for Cybersecurity and IT Asset Management | JupiterOne
The cybersecurity technology landscape is fragmented and niche, and for good reason. Enterprises use specialized infrastructure and security tools, each of which has its own definition of an asset. Understanding your entire cyber asset landscape is nearly impossible due to the breadth of technologies in play. Identifying a new definition of cyber asset is mandatory to building a successful security program. Learn how to find, monitor, visualize, and govern your cyber assets with a deep understanding of cyber asset relationships.



Posted By Mark Miller

Mark Miller speaks and writes extensively on DevOps and Security, hosting panel discussions on tools and processes within the DevOps Software Supply Chain.

Mark actively participates in the DevOps/DevSecOps community by building DevSecOps tracks at security conferences such as RSA Conference, InfoSec Europe, CD Summit, AppSec USA and AppSec EU. He is the Senior Storyteller and Senior Director of Community and Content at JupiterOne.

As well, Mark is Executive Producer of the DevSecOps Podcast Series (300K+ listens), and the Executive Editor of the LinkedIn DevOps Group (124K+ members).


