Cloud Security Content on InfoQ
-
New Downfall Attack Could Lead to Sensitive Data Leakage on Intel Processors
Security researcher Daniel Moghimi discovered a new side-channel vulnerability affecting Intel processors that can be exploited to steal data from other users or applications running on the same machine. Dubbed Downfall, the vulnerability has been addressed by an Intel microcode update and mitigated by most major OS vendors.
-
Chrome Supports Key Pinning on Android to Improve Security
Key pinning restricts which public keys a client will accept for a given host, so that a certificate for that host obtained from a compromised or tricked certificate authority (CA) is rejected even though it chains to a trusted root. Chrome for Android, from version 106, applies pins to Google services to help prevent man-in-the-middle attacks against them.
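The mechanism described above, as an added example that is not code from the InfoQ page or from Chromium: a pin is the base64 SHA-256 of the DER-encoded SubjectPublicKeyInfo (SPKI), not of the whole certificate, so a renewed certificate that keeps the same key still matches the pin set, while a certificate for the same name issued under a different key (what a tricked CA would produce) does not. The DER helpers are hand-written for the example, and every certificate, modulus and pin below is constructed, with no real keys or signatures.

```python
"""SPKI pin computation and pin-set check in the style of Chrome / HPKP pinning."""
import base64
import hashlib

# --- minimal DER helpers, enough to build and walk X.509-shaped structures ---

def der(tag, content):
    """Encode one DER TLV with the given tag byte and content bytes (minimal length form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = b"\x81" + bytes([n])
    else:
        length = b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + length + content

def der_int(value):
    """DER INTEGER for a non-negative int; the extra byte keeps a high-bit value positive."""
    return der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def read_tlv(buf, pos=0):
    """Decode one TLV starting at pos; returns (tag, content, end_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Yield (tag, content) pairs inside a constructed DER value."""
    pos = 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        yield tag, body

RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")  # OID 1.2.840.113549.1.1.1

def rsa_spki(modulus, exponent=65537):
    """SubjectPublicKeyInfo for an RSA key: AlgorithmIdentifier + BIT STRING(RSAPublicKey)."""
    alg = der(0x30, RSA_ENCRYPTION_OID + der(0x05, b""))
    rsa_public_key = der(0x30, der_int(modulus) + der_int(exponent))
    return der(0x30, alg + der(0x03, b"\x00" + rsa_public_key))

def fake_certificate(serial, spki, not_before=b"230101000000Z", not_after=b"240101000000Z"):
    """Constructed, unsigned X.509-shaped certificate; only the TBS layout pinning walks is realistic."""
    version = der(0xA0, der_int(2))                       # [0] EXPLICIT version v3
    sig_alg = der(0x30, RSA_ENCRYPTION_OID + der(0x05, b""))
    empty_name = der(0x30, b"")                            # issuer / subject left empty
    validity = der(0x30, der(0x17, not_before) + der(0x17, not_after))
    tbs = der(0x30, version + der_int(serial) + sig_alg + empty_name + validity + empty_name + spki)
    signature = der(0x03, b"\x00" * 17)                    # placeholder, never verified here
    return der(0x30, tbs + sig_alg + signature)

def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo: TBS element 6 (or 5 when the [0] version is absent)."""
    _, cert, _ = read_tlv(cert_der)
    _, tbs, _ = read_tlv(cert)
    elems = list(children(tbs))
    tag, body = elems[6 if elems[0][0] == 0xA0 else 5]
    if tag != 0x30:
        raise ValueError("unexpected tag where SubjectPublicKeyInfo was expected")
    return der(0x30, body)

def spki_pin(cert_der):
    """pin-sha256 as used by Chrome / HPKP: base64(SHA-256(DER(SubjectPublicKeyInfo)))."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()

def chain_matches_pins(chain_der, pinned):
    """Accept the chain if any certificate in it carries a pinned SPKI."""
    return any(spki_pin(c) in pinned for c in chain_der)

# Constructed 2048-bit moduli (hash expansions, not real keys); the top bit is forced on.
def _modulus(label):
    return int.from_bytes(hashlib.sha256(label).digest() * 8, "big") | (1 << 2047)

LEAF_KEY = rsa_spki(_modulus(b"leaf-key"))
BACKUP_KEY = rsa_spki(_modulus(b"backup-key"))
ROGUE_KEY = rsa_spki(_modulus(b"key-issued-by-tricked-ca"))

cert_2023 = fake_certificate(1, LEAF_KEY)
cert_2024 = fake_certificate(2, LEAF_KEY, b"240101000000Z", b"250101000000Z")  # renewal, same key
rogue_cert = fake_certificate(3, ROGUE_KEY)  # chains to a trusted root, but wrong key

# Live pin plus a backup pin for an offline key, so a key rotation does not brick clients.
PIN_SET = {spki_pin(cert_2023), spki_pin(fake_certificate(0, BACKUP_KEY))}

def demo():
    return {
        "renewal_keeps_pin": spki_pin(cert_2023) == spki_pin(cert_2024),
        "legit_chain_accepted": chain_matches_pins([cert_2024], PIN_SET),
        "rogue_chain_rejected": not chain_matches_pins([rogue_cert], PIN_SET),
    }

if __name__ == "__main__":
    print(demo())
```

Pinning on the SPKI rather than the certificate is what makes routine renewals survive, and the backup pin is what makes a planned key rotation survive; a pin set with a single live pin is the classic way to lock yourself out.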
-
Enhancing Security with Google Cloud's Service Account Key Expiry Feature
Google Cloud has recently introduced service account key expiry to address the risk of long-lived service account keys. With this capability, the company states that "customers can now configure an Organization Policy at the organization, folder, and project level to limit the usable duration of new service account keys".
-
Microsoft Announces Preview of Azure Application Gateway for Containers
Microsoft recently announced the preview of Azure Application Gateway for Containers - a new application (layer 7) load balancing and dynamic traffic management product for workloads running in a Kubernetes cluster. It extends Azure's Application Load Balancing portfolio and is a new offering under the Application Gateway product family.
-
Sysdig Announces Cloud Native Application Protection Platform
Sysdig recently unveiled what it describes as the industry's first Cloud Native Application Protection Platform (CNAPP) with end-to-end detection and response capabilities. The platform combines cloud detection and response (CDR) with CNAPP, building on the open-source Falco engine for both agent-based and agentless deployment models.
-
KSOC Labs Release the First Kubernetes Bill of Materials (KBOMs)
KSOC Labs recently announced the release of the first Kubernetes Bill of Materials (KBOM). KBOM is an open-source standard and command-line tool that helps security teams quickly analyze cluster configurations and respond to CVEs. The project includes an initial specification and an implementation that works across cloud providers, on-prem, and DIY environments.
-
Microsoft Open Sources AzDetectSuite Library for Detection Engineering in Azure
The Microsoft security team recently released AzDetectSuite, a collection of KQL queries and detection alerts for security threats on Azure and Azure AD. The open-source project provides basic detection capabilities at low cost, targeting small environments within the Microsoft cloud platform.
-
AWS Signer Simplifies Signing and Verifying Container Images
AWS has released container image signing for AWS Signer, providing native AWS support for signing and verifying container images in registries such as Amazon Elastic Container Registry (Amazon ECR). AWS Signer manages the code-signing certificates and the public and private keys, and provides tooling for their lifecycle management.
-
AWS Payment Cryptography: New Service for Payment Processing Applications
At the recent re:Inforce conference, AWS announced Payment Cryptography, a new managed service for payment cryptography operations. The elastic service simplifies key management for payment processing applications, helping customers meet PCI security requirements.
-
AWS Launches Amazon S3 Dual-Layer Server-Side Encryption with Keys Stored in AWS KMS
AWS recently launched Amazon S3 dual-layer server-side encryption with keys stored in AWS Key Management Service (DSSE-KMS), a new encryption option that applies two independent layers of encryption to objects as they are uploaded to an Amazon Simple Storage Service (Amazon S3) bucket.
-
GitHub Push Protection Moved to General Availability
GitHub has moved push protection into general availability and made it free for all public repositories. Push protection scans pushed changes for secrets and blocks the push before the secret lands in the repository's history. As part of the GA release, push protection is also available to all private repositories with a GitHub Advanced Security (GHAS) license.
-
Amazon Security Lake for Centralized Security Data Management Now GA
AWS recently announced the general availability of Security Lake, a managed service to automate the sourcing, aggregation, normalization, and data management of security data. The new service centralizes data from AWS environments, SaaS providers, on-premises, and cloud sources into a data lake stored in an AWS account.
-
Azure Deployment Environments Now Generally Available
At the annual Build conference, Microsoft announced the general availability (GA) of Azure Deployment Environments. The service lets development teams create segregated Azure environments for deploying and managing applications at different stages, such as development, testing, and production, so that deployments stay controlled and consistent across stages.
-
AWS Announces the General Availability of Private Access to the Management Console
AWS recently announced the general availability (GA) of private access to the AWS Management Console. Private access is a new security feature that lets customers restrict console access originating from their Virtual Private Cloud (VPC) or connected networks to a set of trusted AWS accounts and organizations.
-
AWS Verified Access Now GA with Support for WAF and Signed Identity Context
AWS recently announced the general availability of Verified Access, a managed service that provides secure access to corporate applications without relying on a VPN. With the GA, the cloud provider introduced support for AWS WAF and the ability to pass signed identity context to end applications.