Zim is a caching build system that is ideal for software development teams using monorepos that contain many components and dependencies. Zim provides for fast incremental, parallel builds across a team and is entirely language agnostic with built-in support for cross-platform builds via Docker. Zim is available as an open source project hosted on GitHub.
“The cloud has radically changed the IT security landscape. The vulnerability surface is different. Attackers operate differently. And how you go about keeping your data safe needs to be different.”
If you’re running a workload in the cloud, take a moment to look at the activity logs for your public-facing resources. There’s bad guys there, and they’re probing your cloud infrastructure looking for misconfigurations they can exploit.
We’re excited to announce the Cloud Security Masterclass program to help increase awareness of advanced cloud misconfiguration risks and how malicious actors exploit them. We held the first free live Cloud Security Masterclass last month—a deep dive session into the complex layers of Amazon S3 security, which has been at the center of a number of recent high profile data breaches.
The COVID-19 crisis has a profound impact on just about every business, and for cloud engineering and security teams, the rapid and near universal transition to 100% work-from-home has created significant new cloud security risks. Our State of Cloud Security Report, based on our industry survey conducted in late March, showed that 84% of IT professionals are worried about new cloud security vulnerabilities created during the pandemic.
When there’s a data breach involving Amazon Web Services (AWS), more often than not it involves the Amazon S3 object storage service. The service is incredibly popular. Introduced way back in 2006 when few knew what the cloud was, S3 is highly scalable, reliable, and easy to use. But getting the security of S3 right—and making sure it stays that way—continues to confound many AWS customers.
Lately, we at Fugue have been demonstrating live hacks against cloud infrastructure based on real events in the news. We often walk through a theft of data from Amazon S3 by exploiting little-known misconfigurations of Security Groups, EC2, IAM, and S3 in combination. See A Technical Analysis of the Capital One Cloud Misconfiguration Breach.
Cloud misconfiguration remains the top cause of data breaches in the cloud, and the COVID-19 crisis is making the problem worse. These are among the findings of Fugue’s new State of Cloud Security 2021 Report.
Recently, I was tasked with creating an automated testing tool for Fugue. Fugue monitors cloud resources for compliance and security, and we needed a way to verify that the full results of a Fugue scan were correct. My goal was to create an automated system that runs locally or in CI, deploys configurable infrastructure, scans it using Fugue, and verifies the results. This blog post walks through the design and implementation process for what became autotest, our internal automated testing tool.
By the Fugue Team in collaboration with Dave Williams, cloud architect at New Light Technologie s . Employers across the U.S. and around the world are rapidly shifting to a mandatory work-from-home (WFH) arrangement to help slow the spread of the coronavirus (COVID-19). Even for organizations already operating with team members working from home, this shift is likely causing disruption.