InfoQ Homepage Cloud Security Content on InfoQ
-
Google Cloud Blocks Largest Layer 7 DDoS Attack
Google claims to have recently fended off the largest ever HTTPS-based distributed denial of service attack, which peaked at 46 million requests per second. According to the cloud provider, the DDoS attack was quickly detected and stopped at the edge of Google’s network, and the customer was not impacted.
-
New Microsoft Defender Products: Threat Intelligence and External Attack Surface Management
Microsoft recently announced two security products: Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management. These new products are driven by their acquisition of RiskIQ just over a year ago.
-
Amazon GuardDuty Introduces Malware Detection
At the recent re:Inforce security conference, AWS announced the availability of malware detection for Amazon GuardDuty. The new functionality of the managed threat detection service initiates a scan of the EBS volumes when it detects suspicious behavior indicative of malware on EC2 or containers.
-
Developing and Evolving SaaS Infrastructures for Enterprises
SaaS companies that are focused on the enterprise market need to evolve their infrastructure to meet the security, reliability, and other IT requirements of their customers. IT admins and large customers are two important sources of requirements to drive development.
-
AWS Expands Amazon Detective for Kubernetes Workloads on Amazon EKS
Amazon Detective is a security service in AWS that allows customers to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. Recently, AWS announced the expansion of Amazon Detective towards Kubernetes workloads on Amazon’s Elastic Kubernetes Service.
-
OpenSSL Releases Fix for High-Severity Vulnerability
OpenSSL 3.0.4, released less than a month ago, introduced a bug that enabled a remote code execution vulnerability on machines computing 2048 bit RSA keys on X86_64 CPUs. A fix is now available in OpenSSL 3.0.5.
-
Google Cloud Announces Advanced API Security through Apigee
Recently Google announced the public preview of Advanced API Security, a comprehensive set of API security capabilities built on Apigee, their API management platform. With the new capability, customers can detect security threats more efficiently.
-
TLS 1.2 Becoming the Minimum TLS Protocol Level on AWS
AWS recently announced that TLS 1.2 is going to become the minimum protocol level for API endpoints. The cloud provider will remove backward compatibility and support for versions 1.0 and 1.1 on all APIs and regions by June 2023.
-
SynLapse: Orca Security Publishes Details for Critical Azure Synapse Vulnerability
In a recent article, Orca Security describes the technical details of SynLapse, a critical Synapse Analytics vulnerability in Azure that allowed attackers to bypass tenant separation. The issue has now been addressed, but the timing and the disclosure process have raised concerns in the community.
-
OpenSSF Releases Fuzz Introspector to Improve C/C++ Fuzz Testing Coverage
The Open Source Security Foundation (OpenSSF) has just released a tool to improve fuzzing coverage by providing actionable insights to developers and helping them identify coverage blockers.
-
HashiCorp Vault Improves Eventual Consistency with Server-Side Consistent Tokens
HashiCorp has released Vault 1.10, introducing a number of new features to their secrets and identity management platform. Server-side consistent tokens provide greater control over the eventual consistency model when using performance standby nodes. Authentication can now be performed using the new open source login multi-factor authentication integration.
-
Amazon EC2 Supports NitroTPM and UEFI Secure Boot
AWS recently announced the general availability of the UEFI Secure Boot and of NitroTPM, a virtual TPM module for EC2 instances based on the AWS Nitro System. The new features are designed for boot-process validation, key protection and digital rights management.
-
Microsoft Rebrands its Data Governance Service to Microsoft Purview
Recently, Microsoft announced Microsoft Purview, a new product branding bringing together the Azure Purview data governance service with various Microsoft 365 compliance solutions.
-
Veracode Report Shows Signs of Progress in Securing Software Supply Chain
Veracode's recently released State of Software Security report found a general decline in the number of known security vulnerabilities found in third-party libraries along with a trend towards smaller applications being scanned more regularly for issues. It also finds that the industry still has a long way to go.
-
AWS Firewall Manager Supports Palo Alto Networks Cloud Next Generation Firewalls
AWS recently announced that Firewall Manager supports Palo Alto Networks Cloud Next Generation Firewalls (NGFW). Palo Alto Networks partnered with the cloud provider to offer a managed firewall service designed to simplify securing AWS deployments.