Cloud Security Content on InfoQ
-
Microsoft Warns Customers about a Critical Vulnerability in Azure Cosmos DB
Azure Cosmos DB is a globally-distributed, fully-managed NoSQL database service. Microsoft recently warned thousands of Cosmos DB customers of a vulnerability in the service that could have exposed their data: the flaw could have let a malicious actor obtain an account's access keys and use them to read, modify or delete sensitive data.
-
AWS Introduces Security Analytics Bootstrap to Perform Security Investigations
AWS recently announced Security Analytics Bootstrap, an open source framework to perform security investigations on AWS service logs using an Amazon Athena analysis environment.
-
Is CVE the Solution for Cloud Vulnerabilities?
At the recent Black Hat USA 2021, security experts from cloud security company Wiz argued that a CVE-style database for cloud vulnerabilities is needed, starting a debate in the cloud and cybersecurity communities.
-
AWS Announces Amazon EC2 M6i Instances Powered by Latest-Generation Intel Xeon Scalable Processors
AWS recently announced the availability of the new general-purpose Amazon EC2 M6i instances. Compared with the fifth-generation M5 instances, M6i instances deliver up to 15 percent more performance at a better price, and add always-on memory encryption using Intel Total Memory Encryption (TME).
-
Google Releases Its Certificate Authority Service into General Availability
The Google Cloud Certificate Authority Service (CAS) is a scalable, managed service for deploying private certificate authorities, issuing private certificates via automation and operating a private public key infrastructure (PKI). Last month, Google announced the general availability (GA) of the service.
-
Microsoft Announces Public Preview of Bastion Standard SKU
Azure Bastion is a fully-managed Platform as a Service (PaaS) offering that gives customers a secure way to connect to a virtual machine through a browser and the Azure portal, without exposing the VM to the Internet. Recently, the company announced the public preview of a second Stock Keeping Unit (SKU), called Standard.
-
AWS Key Management Service Introduces Multi-Region Keys
AWS has recently announced the availability of KMS multi-region keys, a new feature that lets a customer replicate a KMS key, with the same key ID and key material, into multiple regions, so that ciphertext produced in one region can be decrypted in another without first being re-encrypted. This makes encrypted data portable across regions, particularly for client-side applications that encrypt data with the KMS key before storing or moving it.
-
Bridgecrew's Yor Provides Automated Tagging for Infrastructure as Code
Bridgecrew recently released Yor, an open-source tool for automated tagging of infrastructure as code. Yor adds tags to infrastructure configurations, which are then applied to the cloud resources they create, making it simpler to trace a running resource back to the code that created it. Yor currently supports Terraform, CloudFormation, and Serverless.
-
Aqua Security's Latest Report Highlights Increase in Cloud Attacks
Aqua Security published a report outlining its analysis of a year's worth of security remediation data. The report found that almost no organization addressed all identified issues, and that enterprise organizations took on average 88 days to resolve the issues they did address. The analysis also found a large increase in attacks against container-based and cloud-native infrastructure.
-
New Exploit Breaks Current Spectre Defenses; Fixes Hard without Performance Impact
Researchers from the University of Virginia School of Engineering recently disclosed a new Spectre-class hardware attack that leaks secrets via the micro-op caches of Intel and AMD processors and circumvents current Spectre defenses. Intel and AMD say no new guidance is needed; the researchers say the suggested fixes are inconvenient to deploy or carry performance penalties.
-
Infosec Teams Expand Use of Security Tools to Address Cloud Complexity, Survey Finds
The Cloud Security Alliance (CSA), a non-profit organization, recently published its findings on the state of cloud security practices, showing accelerating cloud adoption but also a need for more sophisticated security approaches.
-
Infrastructure Vulnerability Scanner Checkov Adds Context Aware Assessments
Bridgecrew has announced the first 2.x version of Checkov, its open-source scanner for infrastructure as code (IaC). The 2.0 release includes a re-architected, graph-based backend that allows policies to reason about relationships between multiple resources rather than checking each resource in isolation. Coverage has also grown with the addition of nearly 250 new policies.
-
Netflix Open Sources ConsoleMe to Manage Permissions and Access on AWS
Netflix has recently open-sourced ConsoleMe, an AWS multi-account management service, and its CLI utility, Weep. The tools provide a central control plane for permissions management across all of an organization's AWS accounts and help implement the principle of least privilege.
-
GitHub Changes Token Format to Improve Identifiability, Secret Scanning, and Entropy
GitHub has recently moved to a new format for all of its tokens, including personal access, OAuth access, user-to-server and server-to-server, and refresh tokens. As GitHub engineer Heather Harvey explains, the new format aims to make tokens more easily identifiable, including when scanning repos for secrets, and to increase their entropy.
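The summary above only says the new tokens are easier to identify; GitHub's announcement gives the mechanics: every token now starts with a type prefix (ghp_ for personal access tokens, gho_ for OAuth access tokens, ghu_ for user-to-server tokens, ghs_ for server-to-server tokens, ghr_ for refresh tokens), followed by 30 random base62 characters and a 6-character base62 encoding of a CRC32 checksum over those 30 characters, so a scanner can reject look-alike strings offline without calling the API. The script below is an added example written for this page, not GitHub's code: it finds tokens of that shape in text and checks the checksum. The base62 alphabet order and the sample lines are assumptions; the sample tokens are constructed here and are not real credentials.

```python
import re
import secrets
import string
import zlib

# Prefixes from GitHub's token-format announcement: "gh" + type letter + "_".
TOKEN_TYPES = {
    "ghp": "personal access token",
    "gho": "OAuth access token",
    "ghu": "user-to-server token",
    "ghs": "server-to-server token",
    "ghr": "refresh token",
}

# Assumption: alphabet order for the base62 checksum. Verification only needs it to
# match whatever produced the token, which for this example is make_token() below.
ALPHABET = string.digits + string.ascii_uppercase + string.ascii_lowercase
RANDOM_LEN = 30    # random part: 30 chars of base62, about 178 bits of entropy
CHECKSUM_LEN = 6   # 62**6 > 2**32, so six chars carry the 32-bit CRC

# Prefix, underscore, then exactly 36 base62 characters (30 random + 6 checksum).
TOKEN_RE = re.compile(r"\b(gh[posur])_([A-Za-z0-9]{36})\b")


def base62(n: int, width: int) -> str:
    """Encode a non-negative integer in base62, left-padded to `width` chars."""
    out = ""
    while n:
        n, r = divmod(n, 62)
        out = ALPHABET[r] + out
    return out.rjust(width, ALPHABET[0])


def checksum(random_part: str) -> str:
    """CRC32 over the random part, base62-encoded into six characters."""
    return base62(zlib.crc32(random_part.encode("ascii")) & 0xFFFFFFFF, CHECKSUM_LEN)


def make_token(prefix: str, random_part: str = "") -> str:
    """Build a token in the new format (used only to construct sample data)."""
    if prefix not in TOKEN_TYPES:
        raise ValueError(f"unknown token prefix {prefix!r}")
    if not random_part:
        random_part = "".join(secrets.choice(ALPHABET) for _ in range(RANDOM_LEN))
    return f"{prefix}_{random_part}{checksum(random_part)}"


def checksum_ok(token: str) -> bool:
    """True if the string has the new format and its trailing checksum matches."""
    m = TOKEN_RE.fullmatch(token)
    if not m:
        return False
    body = m.group(2)
    return checksum(body[:RANDOM_LEN]) == body[RANDOM_LEN:]


def scan(text: str) -> list:
    """Offline secret scan: report each candidate token, its type, and whether
    the checksum holds (a failed checksum is almost certainly not a real token)."""
    findings = []
    for m in TOKEN_RE.finditer(text):
        findings.append({
            "type": TOKEN_TYPES[m.group(1)],
            "token": m.group(0),
            "checksum_ok": checksum_ok(m.group(0)),
        })
    return findings


# Constructed sample data, not a real repository and not real credentials.
SAMPLE_PAT = make_token("ghp", "A" * RANDOM_LEN)
# Flip the last checksum character so the shape is right but the checksum fails.
TAMPERED_PAT = SAMPLE_PAT[:-1] + ("0" if SAMPLE_PAT[-1] != "0" else "1")
SAMPLE_TEXT = "\n".join([
    "# constructed sample file",
    f'GITHUB_TOKEN="{SAMPLE_PAT}"',
    "db_password = hunter2",
    f"token = {TAMPERED_PAT}",
])

if __name__ == "__main__":
    for f in scan(SAMPLE_TEXT):
        print(f["type"], f["token"][:10] + "...", "checksum ok" if f["checksum_ok"] else "checksum FAILED")
```

Identifiable prefixes plus an offline checksum are what let a scanner flag the first line with confidence and downgrade the last one, which has the right shape but a bad checksum, instead of treating every 36-character alphanumeric string as a possible secret.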
-
HashiCorp Announces the General Availability of HCP Vault on AWS
Recently, HashiCorp announced the general availability of its fully-managed Vault service for AWS environments on the HashiCorp Cloud Platform (HCP). Customers get Vault's secrets management and encryption capabilities as a SaaS offering, without operating the Vault cluster themselves.