InfoQ Homepage Information Security Content on InfoQ
-
Google Cloud KMS Launches Post-Quantum KEM Support to Combat "Harvest Now, Decrypt Later" Threat
Google Cloud's Key Management Service now supports post-quantum Key Encapsulation Mechanisms (KEMs), addressing future threats from quantum computing. This update empowers organizations to prepare against "Harvest Now, Decrypt Later" attacks while ensuring long-term data confidentiality.
-
Cloudflare Introduces Automated Scoring for Shadow AI Risk Assessment
During AI Week 2025, Cloudflare announced Application Confidence Scores, an automated assessment system that is designed to help organizations evaluate the safety and security of third-party AI applications at scale.
-
Microsoft Azure Storage Discovery Enters Preview with Enhanced Blob Storage Analytics
Azure Storage Discovery is a service that offers a comprehensive overview of your blob storage ecosystem. Leverage advanced insights for cost optimization and security in real-time, using natural language with Azure Copilot. Quickly analyze data trends, detect outliers, and access 18 months of historical data, all in one intuitive dashboard. Experience unparalleled visibility and efficiency.
-
New Crypto-Jacking Attacks Target DevOps and AI Infrastructure
Security researchers at Wiz have uncovered a sophisticated crypto-jacking attack targeting publically accessible API servers for several popular DevOps tools. Similarly, researchers at Sysdig have uncovered an attack on the popular AI tool Open WebUI using many of the same techniques and crypto-miners.
-
Have I Been Pwned 2.0 Adds New Tools for Data Breach Monitoring
Have I Been Pwned (HIBP) - the widely used data breach notification service created by security expert Troy Hunt, has launched a major front-end redesign in version 2.0, introducing several new features aimed at improving how individuals and organizations monitor breach exposure.
-
Recent Generations of Apple CPUs Affected by New Side-Channel Vulnerabilities
Researchers at the Georgia Institute of Technology and the Ruhr University Bochum demonstrated two new side channel attacks on recent M and A CPUs from Apple that leak sensitive information when using Chrome and Safari to visit popular sites.
-
Elastic Automates SIEM Investigations with Tines
Elastic's information security team recently detailed their workflow automation using Tines, aimed at improving their ability to identify and respond to cybersecurity threats. The system automatically triages alerts from its Security Information and Event Management (SIEM) system, enhancing the ability to identify and prioritize real threats.
-
NIST Launches Program to Discriminate How Far from "Human-Quality" are Gen AI Generated Summaries
NIST launched a public Gen AI evaluation program for systems developed by the international research community. The pilot program focuses on systems that can generate human-like summaries from multiple documents, or discriminators to identify whether a summary was AI-generated. For now, information about text-to-text modality is available. The registration closes in May.
-
Rachael Greaves at QCon London: Ethical AI Can Decrease the Impact of Data Breaches
At QCon London, Rachael Greaves, chief executive officer at Castlepoint Systems, presented both the obligations and benefits of data minimisation as a mechanism to decrease the impact of data breaches. AI autoclassification and automatic decision-making tools help with the ever-increasing data volumes as long as ethical principles are considered, allowing decisions to be challenged.
-
Apple Debuts Post-Quantum Cryptography Cipher PQ3 for iMessage Communication
Apple announced a new quantum-resistant encryption protocol that will be used to secure iMessage communications, PQ3 against attack scenarios known as "harvest now, decrypt later".
-
How LinkedIn Uses Machine Learning to Address Content-Related Threats and Abuse
To help detect and remove content that violates their standard policies, LinkedIn has been using its AutoML framework, which trains classifiers and experiments with multiple model architectures in parallel, explain LinkedIn engineers Shubham Agarwal and Rishi Gupta.
-
Google Distributed Cloud Hosted Now Generally Available
Google recently announced the general availability of Google Distributed Cloud (GDC) Hosted, an offering for customers with the most stringent requirements, including classified, restricted, and top-secret data. It complements Google Distributed Cloud Edge and Google Distributed Cloud Virtual, which became generally available in 2022.
-
Cloudflare Detects a Record 71 Million Request-Per-Second DDoS Attack
On the weekend of 11 and 12 February, the Super Bowl weekend, Cloudflare detected dozens of hyper-volumetrics DDoS attacks. These attacks peaked at 50-70 million requests per second (rps), with the highest at 71 million rps. This is the largest reported HTTP DDoS attack on record. This attack is 54% higher than the previous record registered in June 2022 with 46M rps.
-
Threat Operations and Research Team Cloudforce One Generally Available
Cloudflare recently announced that the threat operations and research team Cloudforce One began conducting briefings and is now generally available. Available as an add-on subscription, Cloudforce One includes threat data and briefings, security tools, and the ability to make requests for information (RFIs) to the team.
-
NCC Group Dissect Aims to Scale Incident Response to Thousands of Systems
Developed at Fox-IT, part of NCC Group, Dissect is a recently open-sourced toolset that aims to enable incident response on thousands of systems at a time by analyzing large volumes of forensic data at high speed, says Fox-IT.