Cloud Security Content on InfoQ
-
Google Cloud Announces Advanced API Security through Apigee
Recently Google announced the public preview of Advanced API Security, a comprehensive set of API security capabilities built on Apigee, their API management platform. With the new capability, customers can detect security threats more efficiently.
-
TLS 1.2 Becoming the Minimum TLS Protocol Level on AWS
AWS recently announced that TLS 1.2 is going to become the minimum protocol level for API endpoints. The cloud provider will remove backward compatibility and support for versions 1.0 and 1.1 on all APIs and regions by June 2023.
-
SynLapse: Orca Security Publishes Details for Critical Azure Synapse Vulnerability
In a recent article, Orca Security describes the technical details of SynLapse, a critical Synapse Analytics vulnerability in Azure that allowed attackers to bypass tenant separation. The issue has now been addressed, but the timing and the disclosure process have raised concerns in the community.
-
OpenSSF Releases Fuzz Introspector to Improve C/C++ Fuzz Testing Coverage
The Open Source Security Foundation (OpenSSF) has just released a tool to improve fuzzing coverage by providing actionable insights to developers and helping them identify coverage blockers.
-
HashiCorp Vault Improves Eventual Consistency with Server-Side Consistent Tokens
HashiCorp has released Vault 1.10, introducing a number of new features to their secrets and identity management platform. Server-side consistent tokens provide greater control over the eventual consistency model when using performance standby nodes. Authentication can now be performed using the new open source login multi-factor authentication integration.
-
Amazon EC2 Supports NitroTPM and UEFI Secure Boot
AWS recently announced the general availability of UEFI Secure Boot and of NitroTPM, a virtual TPM module for EC2 instances based on the AWS Nitro System. The new features are designed for boot-process validation, key protection and digital rights management.
-
Microsoft Rebrands its Data Governance Service to Microsoft Purview
Recently, Microsoft announced Microsoft Purview, a new product branding bringing together the Azure Purview data governance service with various Microsoft 365 compliance solutions.
-
Veracode Report Shows Signs of Progress in Securing Software Supply Chain
Veracode's recently released State of Software Security report found a general decline in the number of known security vulnerabilities found in third-party libraries along with a trend towards smaller applications being scanned more regularly for issues. It also finds that the industry still has a long way to go.
-
AWS Firewall Manager Supports Palo Alto Networks Cloud Next Generation Firewalls
AWS recently announced that Firewall Manager supports Palo Alto Networks Cloud Next Generation Firewalls (NGFW). Palo Alto Networks partnered with the cloud provider to offer a managed firewall service designed to simplify securing AWS deployments.
-
Google Cloud Introduces Community Security Analytics
Google Cloud recently released Community Security Analytics (CSA), a set of open-sourced queries and rules for security analytics designed to help detect common cloud-based threats.
-
AWS WAF Introduces Fraud Control - Account Takeover Prevention
Amazon recently introduced Fraud Control - Account Takeover Prevention, a new feature of AWS Web Application Firewall to protect login pages at the network edge.
-
AWS Introduces Managed Prefix List for CloudFront
AWS recently announced the availability of the AWS managed prefix list for CloudFront. Customers can now limit inbound HTTP/HTTPS traffic to a VPC and an application from only IP addresses that belong to CloudFront’s origin-facing servers.
-
Report Finds 75% of Cloud Runtimes Contain High or Critical Vulnerabilities
Sysdig’s latest cloud-native and security-usage report finds that shipping containers with vulnerabilities has become standard practice: 75% of containers have high severity vulnerabilities which could have been patched. The report stresses that many organisations find this to be an acceptable risk in order to move and release quickly.
-
Runtime Security Project Falco Adds Extensible Plugin Framework
Falco, a cloud-native runtime security project, has released version 0.31.0. This release introduces a new plugin system for adding event sources and event extractors to Falco. The plugin system includes SDKs to simplify development, and this release ships with a new AWS CloudTrail plugin.
-
Microsoft Releases Azure Payment HSM in Public Preview for the Payment Card Industry
Recently, Microsoft announced the public preview of a bare-metal infrastructure as a service (IaaS) Azure Payment HSM that provides cryptographic key operations for real-time payment transactions in Azure. It uses the Thales payShield 10K payment HSMs, which deliver a suite of payment security functionality proven in critical environments.