InfoQ Homepage Cloud Security Content on InfoQ
-
Azure Advisor Well-Architected Assessment in Public Preview to Optimize Cloud Infrastructure
Microsoft Azure recently announced the public preview of the Advisor Well-Architected assessment. This self-guided questionnaire aims to provide tailored, actionable recommendations to optimize Azure resources while aligning with the Azure Well-Architected Framework (WAF) principles.
-
AWS Introduces Logically Air-Gapped Vault for Enhanced Data Security
AWS recently announced the public preview of AWS Backup logically air-gapped vault, a new type of vault that can be shared for recovery with other accounts using AWS Resource Access Manager (RAM).
-
Cloudflare Application Security Report Highlights Surge in DDoS Attacks and CVE Exploits
Cloudflare recently released its 2024 Application Security Report, offering recommendations and insights on addressing many raised concerns. A key finding of the report is the increase in malicious traffic, driven by geopolitical events and voting seasons.
-
AWS Launches Open-Source Agent for AWS Secrets Manager
Amazon Web Services (AWS) has launched a new open-source agent for AWS Secrets Manager. According to the company, this agent simplifies the process of retrieving secrets from AWS Secrets Manager, enabling secure and streamlined application access.
-
CrowdStrike Update Bricks Estimated 8.5M Windows Machines Worldwide
CrowdStrike, an American cybersecurity technology company, recently released a product update that bricked an estimated 8.5 million computers running Windows globally, affecting businesses, individual users, and software companies. The company provides cloud workload protection, endpoint security, threat intelligence, and cyberattack response services.
-
Microsoft Entra Suite Now Generally Available: Identity and Security Based Upon Zero-Trust Models
Microsoft has announced the general availability of its Entra Suite. According to the company, the suite provides a solution that integrates identity and security, facilitating a more unified approach to security operations.
-
AWS Introduces Malware Detection for Object Uploads to Amazon S3
At the latest re:Inforce cloud security conference, AWS announced GuardDuty Malware Protection for Amazon S3. This new malware scanning feature for Amazon S3 enables teams to detect malware in new object uploads using Amazon GuardDuty.
-
Terraform Fork OpenTofu 1.7.0 Brings State Encryption and More
OpenTofu 1.7.0 has been released. OpenTofu is an open-source infrastructure-as-code tool for declarative cloud infrastructure creation using various APIs. It was forked last year from HashiCorp's Terraform after changes to the latter's license. The new version introduces several significant features and improvements.
-
Over 100K+ Sites Hit by Polyfill.io Supply Chain Attack
E-Commerce security firm Sansec unveiled a new supply chain attack affecting the Polyfill JS service when accessed through a number of CDNs hosting it. According to Sansec, over 100K sites were hit. The original author of the service, Andrew Betts, suggested removing Polyfill from any sites using it.
-
Non-Production Endpoints as an Attack Surface in AWS
The security team at Datadog recently disclosed a security issue on AWS where non-production endpoints were used as an attack surface to silently perform permission enumeration. AWS has since remediated these specific bypasses.
-
Introducing New SKUs for Microsoft Azure Bastion: Developer and Premium Options Now Available
Microsoft recently announced new SKUs for its Azure Bastion service: a Developer SKU that is now generally available (GA) after its public preview last year and a premium SKU being rolled out in a public preview.
-
Falco 0.38.0 Released with Enhanced Driver Selection, Configurations and Real-Time Monitoring
The maintainers of Falco announced its latest version: 0.38.0. This is the first release since its graduation within CNCF.
-
HashiCorp Boundary Adds Aliases, MinIO Storage and Better Search
HashiCorp has released Boundary 0.16, an update enhancing user experience and governance in privileged access management (PAM).
-
Enhanced Security for Enterprises: Google Launches Google Threat Intelligence
At the recent RSA Conference in San Francisco, Google Cloud introduced Google Threat Intelligence, a new security offering for large organizations. The new solution provides users with actionable insights, external threat monitoring, attack surface management, digital risk protection, and in-depth analysis of Indicators of Compromise (IOC).
-
Microsoft Launches Trusted Signing in Public Preview: an End-to-End Signing Solution for Developers
Microsoft recently launched Trusted Signing in Public Preview, a fully-managed end-to-end signing solution for developers backed by a Microsoft-managed certification authority.