Cloud Security Content on InfoQ
-
Amazon EC2 Supports NitroTPM and UEFI Secure Boot
AWS recently announced the general availability of UEFI Secure Boot and of NitroTPM, a virtual TPM module for EC2 instances based on the AWS Nitro System. The new features are designed for boot-process validation, key protection and digital rights management.
-
Microsoft Rebrands its Data Governance Service to Microsoft Purview
Recently, Microsoft announced Microsoft Purview, a new product branding bringing together the Azure Purview data governance service with various Microsoft 365 compliance solutions.
-
How Meta Uses Privacy-Friendly Credentials in De-Identified Authentication
Meta uses authentication to protect its services' endpoints against abusive usage. Post-processing access data to remove personally identifiable information is an approach they found too resource-intensive. A recently published article explains how Meta leveraged de-identified authentication to protect their services and their users' privacy at the same time.
-
Veracode Report Shows Signs of Progress in Securing Software Supply Chain
Veracode's recently released State of Software Security report found a general decline in the number of known security vulnerabilities found in third-party libraries along with a trend towards smaller applications being scanned more regularly for issues. It also finds that the industry still has a long way to go.
-
AWS Firewall Manager Supports Palo Alto Networks Cloud Next Generation Firewalls
AWS recently announced that Firewall Manager supports Palo Alto Networks Cloud Next Generation Firewalls (NGFW). Palo Alto Networks partnered with the cloud provider to offer a managed firewall service designed to simplify securing AWS deployments.
-
Hardware Mitigation on Intel, Arm, and AMD CPUs Shown Ineffective against Spectre v2
Security researchers from Vrije Universiteit Amsterdam showed that the hardware mitigations to Spectre v2 attacks implemented in both Intel and Arm processors have fundamental flaws that make them vulnerable to branch history injection.
-
Google Cloud Introduces Community Security Analytics
Google Cloud recently released Community Security Analytics (CSA), a set of open-sourced queries and rules for security analytics designed to help detect common cloud-based threats.
-
Deep Learning Toolkit Intel OpenVINO Extends API, Improves Performance, and More
The latest release of Intel OpenVINO offers a cleaner API, expands support for natural language processing, and improves performance and portability thanks to its new AUTO plugin. InfoQ has spoken with senior director AI Intel OpenVINO Matthew Formica to learn more.
-
AWS WAF Introduces Fraud Control - Account Takeover Prevention
Amazon recently introduced Fraud Control - Account Takeover Prevention, a new feature of AWS Web Application Firewall to protect login pages at the network edge.
-
AWS Introduces Managed Prefix List for CloudFront
AWS recently announced the availability of the AWS managed prefix list for CloudFront. Customers can now limit inbound HTTP/HTTPS traffic to a VPC and an application from only IP addresses that belong to CloudFront’s origin-facing servers.
-
AWS CloudFormation Hooks Provide Proactive Validation of CloudFormation Operations
AWS has announced the general availability of AWS CloudFormation Hooks which allow for custom logic prior to a create, update, or delete CloudFormation stack operation. CloudFormation hooks support versioning, public and private distribution, and can be published into multiple AWS accounts and regions.
-
Report Finds 75% of Cloud Runtimes Contain High or Critical Vulnerabilities
Sysdig’s latest cloud-native and security-usage report finds that shipping containers with vulnerabilities has become standard practice: 75% of containers have high-severity vulnerabilities that could have been patched. The report stresses that many organisations find this to be an acceptable risk in order to move and release quickly.
-
Runtime Security Project Falco Adds Extensible Plugin Framework
Falco, a cloud-native runtime security project, has released version 0.31.0. This release introduces a new plugin system for defining additional event sources and event extractors to Falco. The plugin system includes SDKs to simplify development and this release ships with a new AWS CloudTrail plugin.
-
Microsoft Releases Azure Payment HSM in Public Preview for the Payment Card Industry
Recently, Microsoft announced the public preview of a bare-metal infrastructure as a service (IaaS) Azure Payment HSM that provides cryptographic key operations for real-time payment transactions in Azure. It uses the Thales payShield 10K payment HSMs, which deliver a suite of payment security functionality proven in critical environments.
-
Aqua Security Reports Large Increase in Supply Chain Attacks
Aqua Security's recent report highlights the increasing threat of supply chain attacks. According to the report, supply chain attacks grew by 300% from 2020 to 2021 while the level of security across software development environments remained low. Google and the CNCF have recently released papers detailing approaches to improving the security of the supply chain.