Cloud Security Content on InfoQ
-
Slack's Lessons Learned from Supporting Highly Regulated Workloads on AWS GovCloud
Archie Gunasekara, staff software engineer at Slack, and Andrew Martin, staff software engineer at Slack, recently shared their learnings in building GovSlack, an instance of Slack running on the AWS GovCloud region. They shared challenges in adapting to unsupported services, account creation, and account isolation.
-
Google Boosts Sandboxed Container File System Performance by Improving gVisor
Google improved the file system implementation in gVisor, the open source isolation layer used in its commercial container-oriented offerings, such as App Engine, Cloud Run, and Cloud Functions. According to Google engineers Ayush Ranjan and Fabricio Voznika, the new gVisor file system, dubbed VFS2, may improve the performance of file-intensive workloads by approximately 50%-75%.
-
Intel oneDAL Available in ML.NET
The first preview release of ML.NET 3.0, available since December, contains the integration with Intel oneAPI Data Analytics Library that leverages SIMD extensions on 64-bit architectures, which are available on Intel and AMD processors.
-
Kubernetes Report Finds Increase in Poorly Configured Workloads
Fairwinds, a provider of Kubernetes software, has released their Kubernetes Benchmark Report 2023. The report shows an overall trend of worsening configuration issues across the surveyed organizations. This includes increases in organizations running workloads allowing root access, workloads without memory limits set, and workloads impacted by image vulnerabilities.
-
Sigstore Releases Python Client
Sigstore has announced the 1.0 stable release of sigstore-python, a Python-based Sigstore-compatible client. The client provides a CLI as well as an importable Python API. It is able to sign and verify with any Sigstore-supported identity and has ambient identity detection for supported environments.
-
Critical Control Web Panel Vulnerability Still Under Exploit Months After Patch Available
A 9.8 severity vulnerability in Control Web Panel, previously known as CentOS Web Panel, allows an attacker to remotely execute arbitrary shell commands through a very simple mechanism. Although the vulnerability was readily patched, security organizations are reporting that it is under active exploitation.
-
Cloudflare DDoS Report Finds Increase in Attack Volume and Duration
Cloudflare released its Distributed Denial of Service (DDoS) Threat Report for the fourth quarter of 2022. The report covers the DDoS attack landscape as detected by the Cloudflare network. HTTP DDoS attacks increased 79% year-over-year, with ransom DDoS attacks seeing an increase as well. The report found that longer attacks are increasing, especially among network-layer DDoS attacks.
-
Elastic 8.6 Released with Improvements to Observability, Security, and Search
Elastic has released Elastic 8.6 with improvements across the entire Elastic Search Platform including Elastic Enterprise Search, Elastic Observability, Elastic Security, and Kibana. The release includes additional connector clients, better observability of dependencies, improvements to alerts generated from prebuilt security rules, and temporary data views.
-
SBOM Quality and Availability Varies Greatly across Projects
A recent assessment of the quality and availability of SBOMs in open-source repositories found the availability and implementation to vary widely. The OpenSSF's Open Source Software Security Mobilization Plan has a dedicated stream to improving the availability, generation, and consumption of SBOMs.
-
Report Finds Heavy Use of Open-Source Solutions for Kubernetes Security
A recent survey by Armo on the use of security software solutions with Kubernetes found that over half of respondents leverage open-source tooling. Companies using open-source tooling use on average 3.6 different tools. These open-source tools were predominately used for service mesh, network policy and micro-segmentation, and misconfiguration scanning.
-
Google Cloud Introduces Sensitive Actions to Improve Security for Premium Accounts
Google Cloud announced the preview of Sensitive Actions Service, a premium security feature to identify potentially risky behaviors on the cloud. The service detects when actions are taken in a GCP organization that could be damaging if taken by a malicious actor.
-
AWS Announces Upcoming Security Changes in April 2023 for Amazon S3
Recently AWS announced it would make two changes to Amazon Simple Storage Service (Amazon S3): all buckets in a region will have S3 Block Public Access enabled and access control lists (ACLs) disabled by default. These changes will take effect in April 2023 and will be rolled out by the company in all AWS regions within weeks.
-
Spotify Releases Enterprise Plugin Bundle for Backstage
Spotify has released five plugins for Backstage as a purchasable bundle. The five plugins cover a variety of use cases including compliance, access control, employee education and satisfaction, and usage metrics. The plugins are a mix of existing Spotify tooling and new development specifically for this bundle.
-
AWS Key Management Service Now Supports External Key Stores
AWS recently announced the availability of AWS Key Management Service (AWS KMS) External Key Store (XKS), allowing organizations to store and manage their encryption keys outside the AWS KMS service.
-
GitLab Releases Single-Tenant SaaS Offering for Strict Security and Compliance
GitLab has released a new product - GitLab Dedicated - for customers in industries with strict security and compliance requirements wishing to move their DevOps software solutions from on-premise to the cloud.