Cloud Security Content on InfoQ
-
AWS and Cloudflare Add Bot Management Features to Their Firewalls
Both AWS and Cloudflare have released new bot mitigation features into their respective firewall products. Both releases provide additional features for keeping unwanted bot traffic from reaching the application.
-
Two Hidden Instructions Discovered in Intel CPUs Enable Microcode Modification
Security researchers Mark Ermolov, Dmitry Sklyarov, and Maxim Goryachy discovered two undocumented x86 instructions that can be used to modify the CPU microcode. The instructions can only be executed when the CPU runs in debug mode, however, which makes them hard to exploit.
-
Cloudflare Announces New Web Application Firewall
Cloudflare has recently introduced a new Web Application Firewall. The latest engine is written in Rust, provides better performance, and integrates with other Cloudflare products.
-
Google Cloud Releases Its Healthcare Consent Management API to General Availability
Google Cloud recently announced it would release its Healthcare Consent Management API to general availability to provide healthcare application developers and clinical researchers a simple way to manage individuals' consent over health data use. The Healthcare Consent Management API is part of the Cloud Healthcare API offering on the Google Cloud Platform (GCP).
-
Microsoft Releases Azure AD My App and New Risk Detections for Identity Protection into GA
Microsoft recently released a few new Azure Active Directory (AD) features, namely My Apps "collections" and new "risk detections" capabilities, into general availability (GA). With these features, the company intends to simplify identity and access management while also enhancing customization and controls.
-
Microsoft Releases Azure Attestation into General Availability
Microsoft recently announced the general availability of Azure Attestation, a unified solution for remotely verifying the trustworthiness of a platform and the integrity of the binaries running inside it.
-
Microsoft Releases Azure Firewall Premium in Public Preview
Microsoft Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. The company recently announced a preview release of a premium version of the cloud-based network security service.
-
AWS Outposts Now Supports Amazon Elastic Block Store Local Snapshots
Recently AWS announced that its Outposts service now supports Amazon Elastic Block Store (EBS) local snapshots. With Amazon EBS Local Snapshots on Outposts, customers can store snapshots of their Amazon EBS volumes locally on Amazon S3 on Outposts to meet their data residency and local data processing needs.
-
Open Policy Agent Graduates at CNCF
The CNCF announced the graduation of the Open Policy Agent (OPA) project. OPA is an open source policy management and enforcement engine that has declarative policies and integrates with various systems including Kubernetes.
-
Newest TeamTNT IRC Bot Steals AWS and Docker Credentials
Cybercrime group TeamTNT’s internet relay chat (IRC) bot has had its functionality expanded from resource theft for crypto-mining to include the theft of Docker API, AWS, GCP and secure shell (SSH) credentials. Researchers have identified multiple recent changes in post-invasion behaviour. The crime group have likened it to a 'Docker Gatling Gun'.
-
HashiCorp Announces Public Beta of HCP Vault
In a recent blog post, HashiCorp announced the public beta of HashiCorp Vault on its Cloud Platform (HCP). With Vault, customers can leverage a managed cloud service to provide them with secret management and encryption capabilities.
-
Microsoft Launches New Data Governance Service Azure Purview in Public Preview
Recently Microsoft announced a new data governance solution in public preview on its cloud platform called Azure Purview. This new service automates the discovery of data and cataloging while minimizing compliance risk and helps customers map all their data, no matter where it resides, to provide an end-to-end view of their data estate.
-
Five Years of Let's Encrypt
Five years ago, a non-profit organisation set up a public certificate authority, with the intent of enabling websites to become more secure by default through automated provisioning of TLS certificates. Five years later, Let's Encrypt is putting together its own top-level root CA, which will be served by default next year, but some older Android versions won't be able to use it.
-
HashiCorp Vault Adds Tokenization and Auto-Join Features
HashiCorp has released Vault 1.6, adding new features to their secrets and identity management platform. Cloud auto-join facilitates automatically attaching new Vault nodes to the cluster. The transform secrets engine now supports tokenization to better secure data stored outside of Vault. Additional features include integration with key management services and support for seal migration.
-
How SAD DNS Works
SAD DNS is a new variant of DNS cache poisoning that allows an attacker to inject malicious DNS records into a DNS cache, thus redirecting any traffic to their own server and becoming a man-in-the-middle (MITM).