InfoQ Homepage Cloud Security Content on InfoQ
-
Canonical Takes a Chisel to Ubuntu with Ultra-Small Container Images
Canonical has officially released chiselled Ubuntu containers, offering production-ready, secure, and ultra-small container images with a focus on efficiency and security. These container images allow users to build images that only contain their application and its runtime dependencies, excluding unnecessary operating system-level packages, utilities, or libraries.
-
Amazon EC2 Enhances Defense in Depth with Default IMDSv2
To improve defense against open firewalls, reverse proxies, and SSRF vulnerabilities, AWS has recently announced that new Amazon EC2 instance types will support only version 2 of the EC2 Instance Metadata Service (IMDSv2). For transition support, customers will still be able to enable IMDSv1.
-
Azure Bastion Developer SKU: Cheaper Secure Connectivity to Azure Virtual Machines
Azure has recently announced the public preview of Bastion Developer SKU, the latest addition to the managed bastion service on Azure. The new option targets dev/test users seeking secure and simple VM connections without the need for additional features or scalability.
-
AWS Restructures and Consolidates Its Well-Architected Framework
AWS published a new set of updates to its Well-Architected Framework, with changes across all six pillars of the framework. The performance efficiency and operational excellence pillars have been restructured and consolidated to reduce the number of best practices. Other pillars received improved implementation guidance, including recommendations and steps on reusable architecture patterns.
-
eBPF Kubernetes Security Tool Tetragon Improves Performance and Stability
Isovalent has announced the 1.0 release of Cilium Tetragon, their eBPF-based Kubernetes security observability and runtime enforcement tool. Policies and filters can be applied directly via eBPF to monitor process execution, privilege escalations, and file and network activity.
-
GitHub Advanced Security Generally Available for Azure DevOps
Microsoft announced the general availability of GitHub Advanced Security for Azure DevOps, allowing users to integrate code, secret, and dependency scanning into their Azure Repos and benefit from the latest updates.
-
Microsoft AI Researchers Accidentally Exposed 38TB of Sensitive Data
Security researchers at cloud-security company Wiz discovered a data leak affecting Microsoft's AI GitHub repository, including a huge amount of private data and a disk backup of two employees' workstations with sensitive data.
-
AI a “Must-Have” in GitLab’s 2023 Global DevSecOps Report
GitLab has released their 2023 Global DevSecOps AI report, with the key finding that AI and ML use is evolving from a "nice-to-have" to a "must-have". The report shows that 23% of organizations are already using AI in software development, and of those, 60% are using it daily. Furthermore, 65% of respondents said they are using AI and ML for testing now, or would be within the next three years.
-
Cloudflare One Data Protection Suite for Data Security across Web, Private, and SaaS Applications
Cloudflare recently announced its One Data Protection Suite, a unified set of advanced security solutions designed to protect data across every environment – web, private, and SaaS applications. The company states the suite is powered by Cloudflare’s Security Service Edge (SSE), allowing customers to streamline compliance in the cloud, mitigate data exposure and loss of source code.
-
AWS Introduces Dedicated Local Zones for Sovereignty Requirements
AWS has recently introduced Dedicated Local Zones, enabling customers to isolate sensitive workloads to meet their digital sovereignty requirements. This new option is designed for public sector and regulated industry customers who need dedicated infrastructure.
-
AWS Launches AWS Private CA Connector for Active Directory
AWS recently launched the AWS Private Certificate Authority (CA) Connector for Active Directory (AD). It is a new feature that allows enterprises to use AWS Private CA as a drop-in replacement for self-managed enterprise certificate authorities without the need to deploy, patch, or update local agents or proxy servers.
-
Cross-Cloud Network: Google Introduces Platform to Connect Applications across Clouds
During the recent Google Cloud Next conference, the cloud provider announced Cross-Cloud Network, a solution to connect applications across different clouds. The new platform aims to simplify multi-cloud networking with a focus on speed and security.
-
New Downfall Attack Could Lead to Sensitive Data Leakage on Intel Processors
Security researcher Daniel Moghimi discovered a new side-channel vulnerability affecting Intel processors that could be exploited to steal data from other users or apps running on the same computer. Dubbed Downfall, the vulnerability has been patched by Intel and mitigated by most major OS vendors.
-
Chrome Supports Key Pinning on Android to Improve Security
Key pinning, a technique used to prevent an attacker from tricking a vulnerable certificate authority (CA) into issuing an apparently valid certificate for a server, is now used in Chrome for Android, version 106, to help prevent man-in-the-middle attacks against Google services.
-
Enhancing Security with Google Cloud's Service Account Key Expiry Feature
Google Cloud has recently introduced service account key expiry to address security challenges associated with long-lived service account keys. With this capability, the company states that "customers can now configure an Organization Policy at the organization, folder, and project level to limit the usable duration of new service account keys”.