Cloud Security ranks in 2021 OWASP Top 10 - Cloud Security News

<p><strong>Cloud Security News this week - 29 September 2021</strong></p> <ul> <li><a href="https://www.scmagazine.com/news/cloud-security/edm-council-supported-by-aws-google-ibm-and-microsoft-releases-new-guidelines-for-securing-the-cloud"><u>Amazon Web Services, Google Cloud, IBM, and Microsoft have joined forces this week &nbsp;with the Enterprise Data Management (EDM) Council to publish a framework for managing data in the cloud. The new cloud data management capabilities (CDMC) framework was developed over the last 18 months with participation from more than 100 leading companies.</u></a> The framework can be found <a href="https://edmcouncil.org/page/CDMC"><u>here</u></a></li> <li><a href="https://www.itnews.com.au/news/solarwinds-attackers-drop-foggyweb-backdoor-on-ad-sso-servers-570439"><u>Microsoft has published information this week on a new malware it calls FoggyWeb which has been deployed by Russia-linked threat actors Nobelium who are said to be behind the devastating SolarWinds supply chain attack.</u></a> Microsoft’s published document can be found <a href="https://www.microsoft.com/security/blog/2021/09/27/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/"><u>here</u></a></li> <li><a href="https://portswigger.net/daily-swig/owasp-toasts-20th-anniversary-with-revised-top-10-for-2021"><u>For those of you familiar with OWASP (Open Web Application Security Project), OWASP celebrated its 20th anniversary last week with a 24-hour webinar + &nbsp;launched their top 10 web security vulnerabilities for 2021 updated from 2017. It worth noting that there are a few updates relevant to cloud security - broken access control has moved from #5 to #1, insecure design and server side request forgery have now been added while security misconfiguration has made it to top 5.</u></a> &nbsp;You can read more about it <a href="https://owasp.org/Top10/"><u>here</u></a></li> <li><a href="https://portswigger.net/daily-swig/meet-trufflehog-a-browser-extension-for-finding-secret-keys-in-javascript-code">