Cloud Security Content on InfoQ
-
How a Manual Remediation for a Phishing URL Took down Cloudflare R2
Due to human error in handling a phishing report and insufficient validation safeguards in admin tools, Cloudflare experienced an incident affecting its R2 Gateway service on February 5th. As part of a routine remediation for a phishing URL, the R2 service was inadvertently taken down, leading to the outage or disruption of numerous other Cloudflare services for over an hour.
-
Google Cloud Introduces Quantum-Safe Digital Signatures in Cloud KMS to Future-Proof Data Security
Google has introduced quantum-safe digital signatures in its Cloud Key Management Service, adhering to NIST post-quantum cryptography standards. This vital update counters the imminent threats of quantum computing on traditional encryption methods, enabling organizations to integrate resilient, future-proof security measures seamlessly.
-
AWS Introduces Centralized Root Access Management for Organizations
AWS has introduced a new capability for AWS Organizations members, allowing administrators to centrally manage and restrict root-user access across multiple AWS accounts. This update enhances security and governance by providing organizations with greater control over the most privileged access within their cloud environments.
-
How to Defend Amazon S3 Buckets from Ransomware Exploiting SSE-C Encryption
A new ransomware campaign, dubbed Codefinger, has been targeting Amazon S3 users by exploiting compromised AWS credentials to encrypt data using Server-Side Encryption with Customer-Provided Keys (SSE-C). Attackers then demand ransom payments for the symmetric AES-256 keys required to decrypt the data. AWS has released recommendations to help users mitigate the risk of ransomware attacks on S3.
-
AWS Launches Trust Center: a Centralized Resource for Security and Compliance Information
AWS Trust Center is a comprehensive online resource that enhances cloud security transparency. It details AWS's security practices, compliance protocols, and data protection controls, making it easier for customers to understand and manage their cloud security. This centralized hub provides real-time service status, security bulletins and essential resources, improving client trust and confidence.
-
DeepSeek Database Leaking Sensitive Information Highlights AI Security Risks
Cloud security firm Wiz uncovered an unprotected DeepSeek database giving full control over database operations and access to internal data, including millions of lines of chat logs. While the vulnerability was quickly fixed, the incident shows the need for the AI industry to enforce higher security standards, says the company.
-
Amazon CloudFront Introduces Support for VPC Origins and Static IPs
Ahead of re:Invent, AWS has announced that Amazon CloudFront now supports Anycast static IPs, providing a dedicated set of IP addresses for connecting to all CloudFront edge locations worldwide. Additionally, the new VPC origins feature enables developers to designate private resources within a VPC as origins, eliminating the need for public IP addresses or internet connectivity.
-
AWS Cloud Development Kit Vulnerability Enables Full AWS Account Takeover
A new vulnerability discovered in AWS Cloud Development Kit (CDK) by security firm Aqua could lead to an attacker fully taking over a target AWS account due to manual deletion of artifact S3 buckets. While AWS fixed the vulnerability, you are still required to take action if you have used CDK v2.148.1 or earlier.
-
Cloudflare Introduces Short-Lived SSH Access, Eliminating the Need for SSH Credentials
Cloudflare recently announced Access for Infrastructure SSH, a feature that replaces traditional SSH keys with short-lived certificates. The new option leverages BastionZero’s integration into Cloudflare One and reduces the complexity of managing SSH keys while enhancing security by substituting long-term SSH keys with temporary, ephemeral certificates.
-
Microsoft Launches Azure Confidential VMs with NVIDIA Tensor Core GPUs for Enhanced Secure Workloads
Microsoft's Azure has launched the NCC H100 v5 virtual machines, now equipped with NVIDIA Tensor Core GPUs, enhancing secure computing for high-performance workloads. These VMs leverage AMD EPYC processors for robust data protection, making them ideal for tasks like AI model training and inferencing, while ensuring a trusted execution environment for sensitive applications.
-
Ephemeral IDs: Cloudflare's Latest Tool for Fraud Detection
During its recent Birthday Week, Cloudflare introduced Ephemeral IDs, a new feature for fraud detection. The tool identifies fraudulent activity—whether from bots or humans—by linking behavior to a specific client rather than an IP address.
-
Cloud Misconfigurations Can Cause Major Data Breaches: Deliveroo at InfoQ Dev Summit Munich
During her presentation at the inaugural edition of Dev Summit Munich, Danielle Sudai, security operations lead at Deliveroo, explored the fundamentals of cloud security posture management, stressing how a single misconfiguration can damage your company's security. She emphasised the importance of bridging the gap between the different layers of the organisation, from governance to technology.
-
AWS Key Management Service Now Supports ECDH for Secure Communications
This summer, AWS announced that the AWS Key Management Service (KMS) supports the Elliptic Curve Diffie-Hellman (ECDH) key agreement. The security team at AWS recently showed how the new DeriveSharedSecret API enables the establishment of secure communication channels by using a derived shared secret.
-
Workspaces in Azure API Management GA: Runtime Isolation and Federated Model of Managing APIs
Microsoft has launched Workspaces in Azure API Management, enabling developers to manage multiple API services from a single platform. This feature enhances API oversight, supports centralized and federated management models, and ensures runtime isolation. Ideal for enhanced organization, this premium-tier tool simplifies API development while maintaining robust security and control.