InfoQ Homepage Cloud Security Content on InfoQ
-
Google Distroless Images Achieve SLSA Level 2
Google announced that their distroless builds meet level 2 of the Supply chain Levels for Software Artifacts (SLSA). Level 2 requires that the build process for these images is tamper resistant. This improves on their previous release which saw all images being signed with cosign.
-
Google 2022 Accelerate State of DevOps Report Finds Strong Culture Predictive of Strong Performance
Google has released their findings from the 2022 Accelerate State of DevOps Report. This year's report focused on security with a specific emphasis on the software supply chain. The report found a broad adoption of the inspected practices with organizations that have a high-trust, low-blame culture leading the way in both security and operational practices.
-
NPM Package Masquerading as Popular Material Tailwind Library To Install Malicious Code
Researchers at ReversingLabs discovered a malicious npm package masquerading as the Material Tailwind library. Their finding highlights a new trend for threat actors to install malicious code, dubbed impostor packages, say the researchers.
-
Undistro Wolfi Designed to Mitigate Software Supply Chain Risk
Chainguard has announced the general availability of Wolfi, a new Linux distribution designed for container environments and built to ensure a secure software supply chain. Wolfi is designed to be a minimal distribution that provides a build-time SBOM for all included packages.
-
Google Cloud Spanner Introduces Free Trial Instances and Fine-Grained Access Control
Google Cloud recently announced different improvements to their managed databases. The cloud provider introduced free trial instances and fine-grained access control for Spanner to let developers try the managed service and configure access to data at the table and column level.
-
Production Identity Framework SPIRE Graduates from CNCF
The Cloud Native Computing Foundation has announced the graduation of SPIFFE and SPIRE. SPIFFE defines a standard to authenticate software services through the use of platform-agnostic, cryptographic identities. SPIRE is an implementation of the SPIFFE API that is production ready. Recent improvements to the project include adding experimental Windows support.
-
Open-Source Constellation K8 Engine Aims to Bring Confidential Computing to Kubernetes
Constellation is a Kubernetes engine that shields Kubernetes clusters from the rest of the cloud infrastructure using confidential computing and confidential VMs. This creates a confidential context that ensures data is always encrypted, both at rest and in memory.
-
Open-Source Threat Detection Tool Falco Adds Support for Google gVisor
The latest version of Falco introduces support for gVisor, Google's application kernel providing an additional isolation layer between applications and the host OS. Using Falco 0.32.1 users can monitor security events from gVisor to detect threats and audit containers.
-
GCP Announces MITRE ATT&CK Mappings to Implement Security Controls
Google Cloud Platform (GCP) recently announced the MITRE ATT&CK Mappings to improve security controls across the Google Cloud workloads. MITRE ATT&CK framework is a globally-accessible knowledge base of adversary tactics & techniques based on real-world observations. The mappings will empower Google Cloud users to assess the GCP controls against adversary tactics, techniques and procedures(TTPs).
-
Amazon SNS Introduces Message Data Protection to Discover Sensitive Data in Motion
Amazon SNS recently announced the public preview of message data protection. Identifying PII data and other sensitive information in flight, the new SNS feature leverages pattern matching, machine learning models, and data protection policies to simplify data protection and compliance in applications that exchange high volumes of data.
-
AWS IAM Identity Center Introduces APIs to Manage Users and Groups at Scale
AWS recently introduced IAM Identity Center APIs to create users and groups at scale. Administrators can use these new APIs to manage identities programmatically and gain visibility into users in the Identity Center directory.
-
Google Cloud Certificate Manager Generally Available
Google Cloud recently announced the general availability of Certificate Manager, a service to acquire, manage, and deploy TLS certificates for use with Google Cloud workloads.
-
Amazon Introduces Encrypted Communication Service AWS Wickr
A year after the acquisition of the company Wickr, Amazon recently announced the preview of the collaboration suite AWS Wickr. Built on a proprietary encryption protocol, the new managed service provides enterprises and government agencies with security and administrative controls to meet security and compliance requirements.
-
Accelerated Multi-Account Auditing and Compliance in AWS with Steampipe, HCL and SQL
AWS recently examined the use of AWS Insights Mod, based on Steampipe, an open-source tool that defines over 650 queries and displays their results on 84 dashboards.
-
Virtual Machine Threat Detection in Google Security Command Center Now Generally Available
Google Cloud recently announced the general availability (GA) of Virtual Machine Threat Detection (VMTD) as a built-in service in Security Command Center Premium, which can detect if hackers attempt to mine cryptocurrency in a company's cloud environment.