Package Containing Malicious Backdoor Makes its Way into NPM
The NPM security team removed a package masquerading as a cookie parser that actually contained a malicious backdoor, along with three other packages depending on it. The backdoor allowed attackers to inject arbitrary code into a running server and execute it.
Twitter Passwords May Be Compromised, Could Be One of the Largest Data Breaches in History
On May 3 Twitter announced that they had uncovered and fixed a bug that had resulted in users' passwords being stored in plaintext. No information has been released on how many users were affected, and all users are being recommended to change their passwords. If all users were in fact compromised, this would be the one of the largest known data breaches in history.
Securing IoT Devices with Microsoft's Azure Sphere
To improve security of IoT devices, Microsoft announced Azure Sphere, an end-to-end solution for Internet-connected microcontrollers (MCUs). Azure Sphere has a three-layer architecture based on hybrid microcontrollers running a new IoT-optimized Linux kernel and leveraging a cloud-based security service. The first Azure Sphere chip, the MT3620, is developed by MediaTek Inc.
Google’s New Cloud Security Tools Increase DDOS Protection, Transparency and Usability
Recently, Google introduced several new cloud-focused security enhancements for the Google Cloud Platform (GCP). These enhancements include new services like Cloud Security Command Center (Cloud SCC), Google Cloud Armor, VPC Service Controls, and a few new features for G Suite administrators. Furthermore, these enhancements are a part of Google’s investment in their cloud platform.
Q&A with Marisa Fagan on Security Championship
Security lead Marisa Fagan recently spoke at QConLondon 2018 about upskilling and elevating engineering team members into the role of Security Champions. We catch up with Fagen and report on her efforts to address contention caused by a scarcity of security professionals.
SaaS Platform for Managing Configurations Enters Private Beta
Config is a new SaaS offering for managing configuration files. Created by Bien David in 2017, the company looks to simplify how teams store and access configurations used by systems, apps, modules, environments, and server instances. InfoQ spoke to the team behind Config to learn more about how these problems are solved.
Blockchain and Smart Contracts in a Business Process
Buying something through an internet portal, for example a car, normally involves two parties who don’t trust each other; a buyer and a seller. The portal is just a broker so either the buyer must transfer money before getting the ordered item, or the seller must send the item before getting the money. To overcome this lack of mutual trust, Bernd Rücker claims that a blockchain can be used.
Last Npm Incident Uncovers Security Vulnerability
Last week, the npm registry had an operations incident that caused a number of highly depended on packages, such as require-from-string, to become unavailable. While the incident was relatively straightforward to solve, it uncovered a major security vulnerability that could have been exploited to inject malicious code in projects using npm.
Intel Joins the Race for Quantum Supremacy with a 49-Qubit Chip
At CES 2018, Intel CEO Brian Krzanich announced Intel successfully built a 49-qubit chip, which aims to allow researchers to improve error correction techniques and simulate computational problems.
Intel Found That Spectre and Meltdown Fix Has a Performance Hit of 0-21%
Microsoft, Red Hat and Intel have published their performance evaluation of the impact Meltdown and Spectre mitigation has on various systems.
Redpoint Games Launch NPM Package Signing Tool
Redpoint has launched pkgsign, a package signing and verification tool for NPM. It aims to improve security by helping ensure the authenticity of packages which are uploaded and downloaded from the NPM registry.
Apple Releases New Security Updates to Protect Safari against the Spectre Attack
Apple has released a trio of security updates aimed at protecting Safari and WebKit against the Spectre attack.
A Deeper Dive into Spectre and Meltdown
A deeper look at Spectre/Meltdown characteristics and potential attacks, why it's necessary to patch cloud VMs even though the cloud service providers have already applied patches, the nature of the performance impact and how it’s affecting real world applications, the need for threat modelling, the role of anti virus, how hardware is affected, and what’s likely to change in the long term.
Meltdown and Spectre: What They Are and How to Deal with Them
This article discusses the latest CPU vulnerabilities – Meltdown and Spectre – and the current solutions to fix them.
Xen Hypervisor 4.10 Focuses on Security and Better ARM Support
The Xen Project released version 4.10 of their hypervisor with an improved architecture for x86, better support for ARM processor hardware updates, and changes to schedulers and the user interface.
CONTENT IN THIS BOX PROVIDED BY OUR SPONSOR
|
Videos |
|
Whitepapers |
Top 10 AWS Cloud Security Risks
10 Security Best Practices for AWS
Six essentials for DevOps Team Excellence
AWS Security Fitness Guide To Be Cloudfit
|
Featured Content |
Blog Posts
Full-Court Press: Playing Defense in the Enterprise Cloud
Measure Your Cloud Security in 5 Steps
Webinars
How to Achieve NIST Appliance in the Cloud
The Future of Continuous Compliance is Automation feature Forrester
|
Follow us on |
