Cloud Security Content on InfoQ
-
Amazon CloudFront Introduces Support for VPC Origins and Static IPs
Ahead of re:Invent, AWS has announced that Amazon CloudFront now supports Anycast static IPs, providing a dedicated set of IP addresses for connecting to all CloudFront edge locations worldwide. Additionally, the new VPC origins feature enables developers to designate private resources within a VPC as origins, eliminating the need for public IP addresses or internet connectivity.
-
AWS Cloud Development Kit Vulnerability Enables Full AWS Account Takeover
A new vulnerability discovered in the AWS Cloud Development Kit (CDK) by security firm Aqua could let an attacker fully take over a target AWS account when the artifact S3 buckets have been manually deleted. While AWS fixed the vulnerability, you are still required to take action if you have used CDK v2.148.1 or earlier.
-
Cloudflare Introduces Short-Lived SSH Access, Eliminating the Need for SSH Credentials
Cloudflare recently announced Access for Infrastructure SSH, a feature that replaces traditional SSH keys with short-lived certificates. The new option leverages BastionZero’s integration into Cloudflare One and reduces the complexity of managing SSH keys while enhancing security by substituting long-term SSH keys with temporary, ephemeral certificates.
-
Microsoft Launches Azure Confidential VMs with NVIDIA Tensor Core GPUs for Enhanced Secure Workloads
Microsoft's Azure has launched the NCC H100 v5 virtual machines, now equipped with NVIDIA Tensor Core GPUs, enhancing secure computing for high-performance workloads. These VMs leverage AMD EPYC processors for robust data protection, making them ideal for tasks like AI model training and inferencing, while ensuring a trusted execution environment for sensitive applications.
-
Ephemeral IDs: Cloudflare's Latest Tool for Fraud Detection
During its recent Birthday Week, Cloudflare introduced Ephemeral IDs, a new feature for fraud detection. The tool identifies fraudulent activity—whether from bots or humans—by linking behavior to a specific client rather than an IP address.
-
Cloud Misconfigurations Can Cause Major Data Breaches: Deliveroo at InfoQ Dev Summit Munich
During her presentation at the inaugural edition of Dev Summit Munich, Danielle Sudai, security operations lead at Deliveroo, explored the fundamentals of cloud security posture management, stressing how a single misconfiguration can damage your company's security. She emphasised the importance of bridging the gap between the different layers of the organisation, from governance to technology.
-
AWS Key Management Service Now Supports ECDH for Secure Communications
This summer, AWS announced that the AWS Key Management Service (KMS) supports the Elliptic Curve Diffie-Hellman (ECDH) key agreement. The security team at AWS recently showed how the new DeriveSharedSecret API enables the establishment of secure communication channels by using a derived shared secret.
-
Workspaces in Azure API Management GA: Runtime Isolation and Federated Model of Managing APIs
Microsoft has launched Workspaces in Azure API Management, enabling developers to manage multiple API services from a single platform. This feature enhances API oversight, supports centralized and federated management models, and ensures runtime isolation. Ideal for enhanced organization, this premium-tier tool simplifies API development while maintaining robust security and control.
-
Azure Advisor Well-Architected Assessment in Public Preview to Optimize Cloud Infrastructure
Microsoft Azure recently announced the public preview of the Advisor Well-Architected assessment. This self-guided questionnaire aims to provide tailored, actionable recommendations to optimize Azure resources while aligning with the Azure Well-Architected Framework (WAF) principles.
-
AWS Introduces Logically Air-Gapped Vault for Enhanced Data Security
AWS recently announced the public preview of AWS Backup logically air-gapped vault, a new type of vault that can be shared for recovery with other accounts using AWS Resource Access Manager (RAM).
-
Cloudflare Application Security Report Highlights Surge in DDoS Attacks and CVE Exploits
Cloudflare recently released its 2024 Application Security Report, offering recommendations and insights on addressing many raised concerns. A key finding of the report is the increase in malicious traffic, driven by geopolitical events and voting seasons.
-
AWS Launches Open-Source Agent for AWS Secrets Manager
Amazon Web Services (AWS) has launched a new open-source agent for AWS Secrets Manager. According to the company, this agent simplifies the process of retrieving secrets from AWS Secrets Manager, enabling secure and streamlined application access.
-
CrowdStrike Update Bricks Estimated 8.5M Windows Machines Worldwide
CrowdStrike, an American cybersecurity technology company, recently released a product update that bricked an estimated 8.5 million computers running Windows globally, affecting businesses, individual users, and software companies. The company provides cloud workload protection, endpoint security, threat intelligence, and cyberattack response services.
-
Microsoft Entra Suite Now Generally Available: Identity and Security Based Upon Zero-Trust Models
Microsoft has announced the general availability of its Entra Suite. According to the company, the suite provides a solution that integrates identity and security, facilitating a more unified approach to security operations.
-
AWS Introduces Malware Detection for Object Uploads to Amazon S3
At the latest re:Inforce cloud security conference, AWS announced GuardDuty Malware Protection for Amazon S3. This new malware scanning feature for Amazon S3 enables teams to detect malware in new object uploads using Amazon GuardDuty.