InfoQ Homepage Cloud Security Content on InfoQ
-
Attackers Found Building Malicious Container Images Directly on Host
Aqua’s cyber security research team, ‘Nautilus,’ has found a new attack technique targeting misconfigured Docker Daemon API ports to build an image directly on the target host container infrastructure, in order to mine cryptocurrency. Further investigation by the team uncovered an associated 330k malicious image pulls from an infrastructure of 23 container images stored in Docker Hub.
-
Snyk Releases Enhanced Vulnerability Prioritization Features
Snyk has announced the release of a number of new features to simplify prioritizing security vulnerabilities. This includes a new, proprietary algorithm to assess and provide a score for each identified issue. This approach takes into account the maturity of the exploit and can analyze if the affected code is reachable through application execution.
-
Google Launches Confidential VMs in Beta on Its Cloud Platform
In a recent blog post, Google announced Confidential VMs, a new type of virtual machine that makes use of the company’s work around confidential computing to ensure that data isn’t just encrypted at rest but also while it is in memory.
-
AWS Open-Sources CloudFormation Compliance Analyzer
AWS has announced the preview release of CloudFormation Guard, an open-source CLI tool to enforce compliance policies against CloudFormation templates. cfn-guard provides a lightweight, declarative syntax for defining rules. It supports lists, wildcards, regex,and declaration of variables, and can work with CloudFormation intrinsic functions.
-
Production Identity Framework SPIRE Graduates to CNCF Incubator
The Cloud Native Computing Foundation has accepted SPIFFE and SPIRE as incubation level projects. SPIFFE defines a standard to authenticate software services through the use of platform-agnostic, cryptographic identities. SPIRE is an implementation of the SPIFFE APIs that is production ready.
-
55th Anniversary of Moore's Law
April 2020 marks 55 years since Intel co-founder Gordon Moore published ‘Cramming more components onto integrated circuits’. For over 50 years Intel and its competitors kept making Moore’s law come true, but more recently efforts to push down chip feature size have been hitting trouble with limitations in economics and physics that force us to consider what happens in a post Moore’s law world.
-
Vulnerability Scanner Trivy Now Available as Integrated Option within Harbor
Aqua Security has announced that Trivy, their open source vulnerability scanner, is now available as an integrated option within a number of platforms. Trivy is able to scan for vulnerabilities within operating systems and a number of common application dependencies.
-
Alcide's New sKan Command Line Tool Scans Kubernetes Deployment Files
Alcide, a Kubernetes security platform, has announced the release of sKan, a command line tool that allows developers, DevOps and Kubernetes application builders access to the Alcide Security Platform. sKan enables developers to scan Kubernetes configuration and deployment files as part of their application development lifecycle including CI pipelines.
-
AWS Announces the General Availability of New Security Service: Amazon Detective
Recently, Amazon announced the general availability of Amazon Detective. This new security service in AWS allows customers to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities.
-
Benchmarks for Amazon's Graviton2 Arm Processor
AnandTech has published 'Amazon's Arm-based Graviton2 against AMD and Intel' which includes comprehensive benchmarks across Amazon’s general purpose instances. The cost analysis section describes ‘An x86 Massacre’, as while the pure performance of the Arm chip is generally in the same region as the x86 competitors, its lower price means the price/performance is substantially better.
-
Azure Sphere, a Secure IoT Platform, Reaches General Availability
In a recent blog post, Microsoft announced the general availability (GA) of Azure Sphere, an end-to-end IoT Security Platform. The Azure Sphere platform focuses on three key areas including microcontroller units (MCUs), a secure operating system (OS), which is based upon Linux, and providing cloud security services including software updates and detecting emerging threats.
-
Elastic Stack 7.6 Released with Security, Performance, and Observability Improvements
Elastic announced the release of Elastic Stack 7.6. This release contains a number of security improvements including a new SIEM detection engine and a redesigned SIEM overview dashboard page. This release also includes performance improvements to queries that are sorted by date, enhanced supervised machine learning capabilities, and support for ingesting Jaeger trace data.
-
Compliance and the California Privacy Act - the Empire Strikes Back
On January 1, 2020, the California Privacy Act came into effect. Many companies have not complied with the law, and the long term effects of the legislation are unclear.
-
Linode Announces DDoS Protection Across Its Global Network
Linode announced the availability of its DDoS protection service across its network for detection and mitigation of DDoS attacks.
-
Keeping Credentials Safe, Google Introduces Cloud Secret Manager
In a recent blog post, Google announced a new service, called Secret Manager, for managing credentials, API keys and certificates when using Google Cloud Platform. The service is currently in beta and the intent of this service is to reduce secret sprawl within an organization’s cloud deployment and ensure there is a single source of truth for managing credentials.