Security Content on InfoQ
-
AppDeveloperCon Offers Deep Dives into Developer-Focused CNCF Projects
On Monday, the 6th of November, in Chicago, Illinois, Application Developer Con was held as one of the co-located events at KubeCon North America 2023. The full-day event focused on cloud native developers and featured talks on CNCF projects (such as OpenFGA, Dapr, TestContainers, and OpenFeature), eventing, patterns like choreography and orchestration, and ways of working in today’s cloud native environments.
-
AWS Restructures and Consolidates Its Well-Architected Framework
AWS published a new set of updates to its Well-Architected Framework, with changes across all six pillars of the framework. The performance efficiency and operational excellence pillars have been restructured and consolidated to reduce the number of best practices. Other pillars received improved implementation guidance, including recommendations and steps on reusable architecture patterns.
-
Seven Essential Tracks at QCon London 2024: GenAI, FinTech, Platform Engineering & More!
InfoQ’s international software development conference, QCon London, returns on April 8-10, 2024. The conference will feature 15 carefully curated tracks and 60 technical talks over 3 days.
-
eBPF Kubernetes Security Tool Tetragon Improves Performance and Stability
Isovalent has announced the 1.0 release of Cilium Tetragon, their eBPF-based Kubernetes security observability and runtime enforcement tool. Policies and filters can be applied directly via eBPF to monitor process execution, privilege escalations, and file and network activity.
-
Do Gen AI and OSS Regulation Bring Us Further Away from Exiting the Dependency Hell?
The software supply chain security problem still persists, according to the yearly State Of Supply Chain report. It has improved, but there is still a long way to go, given that 96% of all vulnerable downloads were avoidable. Besides the usual insights into how far we are from exiting the "dependency hell", the novel challenges of 2023 include the legislative adoption of Gen AI-associated risks.
-
Cloudflare, Google and AWS Disclose HTTP/2 Zero-Day Vulnerability
On October 10th, Cloudflare, Google, and AWS disclosed a novel zero-day vulnerability known as "HTTP/2 Rapid Reset." The attack exploits a weakness in the HTTP/2 protocol to generate enormous Distributed Denial of Service (DDoS) attacks, reaching almost 400 million requests per second (rps).
-
Cloudflare Post-Quantum Cryptography Now Generally Available, Including Origin Servers
Cloudflare has announced the general availability of post-quantum cryptography for a number of its services and internal systems. While promising a higher standard of privacy for the post-quantum era, the new feature depends on post-quantum cryptography support in browsers and on the final link between Cloudflare and origin servers.
-
TorchServe Potentially Exposed to Remote Code Execution
Israel-based security company Oligo has uncovered multiple vulnerabilities in TorchServe, the tool used to serve PyTorch models, that could allow an attacker to run arbitrary code on vulnerable systems. The vulnerabilities have been promptly fixed in TorchServe version 0.82.
-
GitHub Advanced Security Generally Available for Azure DevOps
Microsoft announced the general availability of GitHub Advanced Security for Azure DevOps, allowing users to integrate code, secret, and dependency scanning into their Azure Repos and benefit from the latest updates.
-
Cloudflare Turnstile: CAPTCHA Replacement Now GA and Available for Free
Cloudflare recently announced that Turnstile is now generally available and free for everyone. Designed as an alternative to traditional challenge-response tests, Turnstile is a checkbox designed to preserve user privacy, stop bots, and enhance the user experience.
-
Combating AI-Generated Fake Images with JavaScript Libraries, by Kate Sills at QCon San Francisco
At the recent QCon San Francisco conference, Kate Sills gave a talk about combating AI-generated fake images using existing JavaScript libraries. She advocated using cryptographic timestamping to establish when photos were taken, and digital signatures to verify that an image was produced by a legitimate source.
-
Microsoft AI Researchers Accidentally Exposed 38TB of Sensitive Data
Security researchers at cloud-security company Wiz discovered a data leak affecting Microsoft's AI GitHub repository, including a huge amount of private data and a disk backup of two employees' workstations with sensitive data.
-
AI a “Must-Have” in GitLab’s 2023 Global DevSecOps Report
GitLab has released their 2023 Global DevSecOps AI report, with the key finding that AI and ML use is evolving from a "nice-to-have" to a "must-have". The report shows that 23% of organizations are already using AI in software development, and of those, 60% are using it daily. Furthermore, 65% of respondents said they are using AI and ML for testing now, or would be within the next three years.
-
GitHub Dependabot Gets Customizable Auto-Triage Rules to Reduce False Positives
After launching Dependabot's auto-dismiss policies a few months ago to reduce the number of false positive alerts, GitHub is now adding custom rules support for developers to define the criteria to auto-dismiss and reopen alerts.
-
Cloudflare One Data Protection Suite for Data Security across Web, Private, and SaaS Applications
Cloudflare recently announced its One Data Protection Suite, a unified set of advanced security solutions designed to protect data across every environment – web, private, and SaaS applications. The company states the suite is powered by Cloudflare’s Security Service Edge (SSE), allowing customers to streamline compliance in the cloud and mitigate data exposure and loss of source code.