InfoQ Homepage Security Content on InfoQ
-
ASP.NET Core Updates in .NET 9 Preview 2: Blazor, OIDC, OAuth and Configuring HTTP.sys
Microsoft released .NET 9 Preview 2 which contains some updates regarding ASP.NET Core: Blazor component constructor injection, and WebSocket compression for Blazor interactive server components. Furthermore, developers can streamline authentication integration by customising OIDC and OAuth parameters and configuring HTTP.sys extended authentication flags.
-
Google Cloud Launches Security Command Center Enterprise
Google Cloud has launched Security Command Center (SSC) Enterprise, a cloud risk management solution that offers proactive cloud security with enterprise security operations. The solution helps customers manage and mitigate risk across multi-cloud environments and is enhanced by Mandiant expertise.
-
Falco, Cloud-Native Security Tool for Kubernetes, Graduates from CNCF
CNCF announced the graduation of Falco, a tool designed for Linux systems and a de facto Kubernetes threat-detection engine. The project successfully met all graduation requirements, including undergoing the due diligence process, completing a third-party security audit, and obtaining the software licensing approvals.
-
Enhanced Protection for Large Language Models (LLMs) against Cyber Threats with Cloudflare for AI
Cloudflare recently announced a new capability called Firewall for AI in its Web Application Firewall (WAF) offering. The capability adds a new layer of protection that will identify abuse and attacks before they reach and tamper with Large Language Models (LLMs).
-
GUAC Joins OpenSSF as Incubating Project
The Graph for Understanding Artifact Composition (GUAC) has joined the Open Source Security Foundation (OpenSSF) as an incubating project. GUAC provides a tool and underlying API to analyse and visualise software bill of materials (SBOM) along with threat intelligence feeds to determine whether vulnerabilities impact an application.
-
Apple Debuts Post-Quantum Cryptography Cipher PQ3 for iMessage Communication
Apple announced a new quantum-resistant encryption protocol that will be used to secure iMessage communications, PQ3 against attack scenarios known as "harvest now, decrypt later".
-
Cloudflare Recaps Thanksgiving 2023 Incident and Response Actions
On Thanksgiving Day 2023, Cloudflare detected a threat actor on their self-hosted Atlassian server. Their security team responded by removing access and initiating an investigation. CrowdStrike's Forensic team was brought in for an independent analysis, the analysis. No Cloudflare customer data or systems were compromised.
-
AI and FinOps Predicted to Lead Observability Innovation in 2024
In recently published articles, three large observability companies have made predictions for the trends we will see in the observability area in 2024 and beyond. These contributions suggest that the fields of AI Integration, FinOps, OpenTelemetry and Security and Governance will impact observability significantly in the year ahead.
-
InfoQ & QCon Events: Level up on Generative AI, Security, Platform Engineering, and More Upcoming
As we navigate through these transformative times, the upcoming InfoQ events stand as a platform to help you stay ahead, learn valuable insights, and find practical solutions to your development challenges in 2024 and beyond. The events are carefully curated for senior software engineers, architects, and team leaders, offering practitioner insights into emerging trends, patterns, and practices.
-
TikTok Owner Open-Sources Next Gen Kubernetes Federation Tool
ByteDance, the company behind popular global platforms like TikTok, has unveiled KubeAdmiral, its next-generation cluster federation system for Kubernetes, designed to manage multiple clusters with the efficiency and effectiveness comparable to a seasoned navy admiral commanding a fleet. KubeAdmiral scales to run more than 10 million pods across dozens of federated Kubernetes clusters.
-
LeftoverLocals May Leak LLM Responses on Apple, Qualcomm, and AMD GPUs
Security firm Trail of Bits disclosed a vulnerability allowing malicious actors to recover data from GPU local memory on Apple, Qualcomm, AMD, and Imagination GPUs. Dubbed LeftoverLocals, the vulnerability affects any application using the GPU, including Large Language Models (LLMs) and machine learning (ML) models.
-
Cloudflare Releases 2024 API Security and Management Report
Cloudflare recently released its 2024 API Security and Management Report, providing insights, predictions, and recommendations for safeguarding APIs in the new year. The report analyses the growing risk of shadow APIs, the most common API errors, and global API usage across different industries.
-
LLMs May Learn Deceptive Behavior and Act as Persistent Sleeper Agents
AI researchers at OpenAI competitor Anthropic trained proof-of-concept LLMs showing deceptive behavior triggered by specific hints in the prompts. Furthermore, they say, once deceptive behavior was trained into the model, there was no way to circumvent it using standard techniques.
-
Regionally-Scoped Google’s Cloud Armor Security Policies
Google announced the general availability of regionally-scoped security policies for Google Cloud Armor: Google's premier DDoS defense and Web Application Firewall (WAF) solution.
-
Custom GPTs from OpenAI May Leak Sensitive Information
After it was reported that OpenAI has started rolling out its new GPT Store, it was also discovered that some of the data they’re built on is easily exposed. Multiple groups have begun finding that the system has the potential to leak otherwise sensitive information.