InfoQ Homepage Security Content on InfoQ
-
A Dozen Cisco Vulnerabilities at Once
A security researcher has identified 12 vulnerabilities that exploit Cisco Security Manager. The flaws include deserialization, remote code execution, and arbitrary file access.
-
HashiCorp Vault Adds Tokenization and Auto-Join Features
HashiCorp has released Vault 1.6, adding new features to their secrets and identity management platform. Cloud auto-join facilitates automatically attaching new Vault nodes to the cluster. The transform secrets engine now supports tokenization to better secure data stored outside of Vault. Additional features include integration with key management services and support for seal migration.
-
How SAD DNS Works
SAD DNS is a new variant of DNS cache poisoning that allows an attacker to inject malicious DNS records into a DNS cache, thus redirecting any traffic to their own server and become a man-in-the-middle (MITM).
-
AWS Announces Gateway Load Balancer
AWS Gateway Load Balancer is a new fully-managed network gateway and load balancer. The service is tailored to deploy, scale and manage third-party virtual appliances such as firewalls, intrusion detection, prevention systems and deep packet inspection systems in the cloud.
-
AWS Introduces Nitro Enclaves, Isolated EC2 Environments for Confidential Computing
AWS has recently made available Nitro Enclaves, isolated EC2 environments to process confidential data. Based on a lightweight Linux OS, a Nitro Enclave is a hardened, attested and highly constrained virtual machine.
-
HashiCorp Supports AWS Lambda Extensions for Serverless Security
HashiCorp has recently announced the public preview of the HashiCorp Vault AWS Lambda Extension. The new service is based on the recently launched AWS Lambda Extensions API and allows a serverless application to securely retrieve secrets from HashiCorp Vault without making the Lambda functions Vault-aware.
-
Git 2.29 Introduces Experimental Support for SHA-256
The latest version of Git experimentally enables using SHA-256 instead of SHA-1 for file hashing, thus removing a long-standing vulnerability which in principle allowed an attacker to forge a counterfeited repository with a HEAD not distinguishable from the original's.
-
Cloudflare Releases a Cloud-Based Network-as-a-Service Solution: Cloudflare One
Cloudflare, an American web-infrastructure and website-security company, recently introduced a cloud-based network-as-a-service solution for the enterprise workforce called Cloudflare One. The solution provides secure, fast, reliable, cost-effective network services, integrated with leading identity management and endpoint security providers.
-
Cloudflare Introduces API Shield
Cloudflare has recently introduced API Shield, a free security tool that protects API traffic against attacks designed to perform unauthorized actions or exfiltrate data. Strong client certificate-based identity is already generally available, while schema validation is currently a closed beta.
-
GitHub Code Scanning Is out of Beta
One year ago GitHub announced the acquisition of Semmle, maker of a semantic code analysis engine powered by the Semmle QL query language. After a few months in beta, GitHub is now announcing the availability of its new CodeQL-based code scanning capability for all public and private repos.
-
Bridgecrew Releases State of Open Source Terraform Security Report
Bridgecrew, a developer-first platform that codifies cloud security, recently published the State of Open Source Terraform Security report. The company utilized open-source Infrastructure-as-Code (IaC) static analysis tool Checkov. One of the key findings reveals that modules used to provision AWS resources are most likely misconfigured.
-
New COOP and COEP Cross-Origin Policies for Increased Security in Chrome and Firefox
Eiji Kitamura recently addressed in a talk at Google’s web.dev live the new COOP and COEP policies that dictate how browsers handle cross-origin resources. The new opener (COOP) and embedded (COEP) policies set up a cross-origin isolated environment that protects against Spectre attacks while restoring powerful, previously disabled features (SharedArrayMemoryBuffer and more).
-
Google Expands Its Confidential Computing Portfolio
In a recent blog post, Google announced the expansion of its Confidential Computing Portfolio with the addition of Confidential Google Kubernetes Engine (GKE) Nodes. Furthermore, the public cloud vendor will make Confidential Virtual Machines (VMs) publically available.
-
Attackers Found Building Malicious Container Images Directly on Host
Aqua’s cyber security research team, ‘Nautilus,’ has found a new attack technique targeting misconfigured Docker Daemon API ports to build an image directly on the target host container infrastructure, in order to mine cryptocurrency. Further investigation by the team uncovered an associated 330k malicious image pulls from an infrastructure of 23 container images stored in Docker Hub.
-
Best Practices for Web Developers with Webhint - Rachel Simone Weil at OpenJS World
Rachel Simone Weil, product manager for the new Microsoft Edge’s developer tools, recently gave a talk at OpenJS world addressing how the webhint tool suite supports web developers in implementing best practices.
CONTENT IN THIS BOX PROVIDED BY OUR SPONSOR
Discover, Deliver and Secure Your APIs
Architecting the Distributed Cloud
Futuriom: The Future of Multi-Cloud Networking
Download this report which details the trend towards new multi-cloud networking technologies and how VoltMesh from Volterra can help deploy, connect, and secure apps across multiple clouds.
IDC Innovators: Multicloud Networking
Download IDC Innovators: Multicloud Networking report to find out why Volterra was chosen as one of the premier platforms addressing the rise of multicloud architectures and cloud-native apps.