InfoQ Homepage Security Content on InfoQ
-
Intel Loihi 2 and Lava Framework Aim to Advance Neuromorphic Computing Research
Intel introduced its second-generation neuromorphic chip, Loihi 2, with the aim to provide tools for research in the field of neuromorphic computing. In addition, Intel has released Lava, a software framework to build neuromorphic apps both on conventional and neuromorphic hardware.
-
WICG Publishes New HTML Sanitizer API Proposal against mXSS Attacks
The Web Platform Incubator Community Group recently published the Draft Community Group Report for the HTML Sanitizer API. The HTML Sanitizer API lets developers take untrusted strings of HTML and sanitize those strings for safe insertion into a document’s DOM. The most common use case of HTML string sanitization is to prevent cross-site scripting (XSS) attacks.
-
Facebook Mariana Trench Helps Developers to Find Vulnerabilities in Android and Java Apps
Recently open-sourced by Facebook, Mariana Trench (MT) aims to help developers identify and prevent security and privacy bugs in Android and Java applications.
-
Announcing Allstar, a GitHub App to Improve Open Source Security
Google recently announced Allstar, a GitHub app that enables continuous enforcement of security policies for a given organization or project repository. Allstar is Google’s contribution towards improving Open Source Software (OSS) security.
-
Armo Releases Kubescape K8s Security Testing Tool: Q&A with VP Jonathan Kaftzan
Armo announced the release of Kubescape last month, a tool for testing if a Kubernetes environment is secure according to the Kubernetes hardening guidance published by the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency(CISA).
-
GitHub to Phase out Support for Git Protocol, DSA Keys and Legacy SSH Algorithms
With a strong focus on having customer data as secure as possible, GitHub has decided to remove support for the unencrypted Git protocol, DSA keys and some legacy SSH algorithms. Also, it is adding requirements for newly added RSA keys and providing support for ECDSA and Ed25519 host keys SSH. These changes might affect only SSH and git:// users, while the https:// users will be unaffected.
-
Moving from Self-Doubt and Imposter Syndrome toward Seeing the Benefits of Diversity in Technology
As someone with a non technical background, Charu Bansal, has navigated the imposter syndrome in her career, often wondering what value she could bring to security. In her talk at The Diana Initiative 2021, she showed how having a diverse perspective helped her to solve challenging security problems as she pivoted from a non-technical career into information security.
-
NSA and CISA Publish Kubernetes Hardening Guidance
The National Security Agency(NSA) in partnership with the Cybersecurity and Infrastructure Security Agency(CISA) recently published the Kubernetes Hardening Guidance, a technical report focused on securing Kubernetes environments. The report identifies the common areas of Kubernetes security risks: supply chain, malicious actors, and insider threats.
-
Travis CI Vulnerability Potentially Leaked Customer Secrets
Popular continuous integration and delivery service Travis CI disclosed a vulnerability that potentially leaked secure environment variables, including signing keys, access credentials, and API tokens. The flaw was quickly fixed on September 10, but the developer community found Travis CI handling of this issue insufficient.
-
Announcing General Availability of CIS Service Catalog and Reference Architecture 2.0
Gruntwork, an organization focused on creating reusable infrastructure code, announced the general availability of CIS Service Catalog and CIS Reference Architecture 2.0. Existing and future users of Gruntwork can now rapidly get started with a production-ready AWS technology stack and AWS services.
-
Cloud Providers Publish Ransomware Mitigation Strategies
In the last few weeks AWS, Azure and Google Cloud have posted articles and documentation with suggestions on ransomware mitigation techniques on the cloud, highlighting the main protections and recovery preparation actions.
-
Deno Improves Support for Web APIs: Cryptography, Messaging, Networking, and More
The recent versions of Deno improved web API support in the cryptography, networking, and messaging areas. Deno 1.11 introduced support for the Web Crypto APIs and BroadcastChannel APIs. Deno 1.12 added support for the MessageChannel and MessagePort portions of the Channel Messaging API. Deno 1.13 implements the navigator.hardwareConcurrency API.
-
How Quantifying Information Leakage Helps to Protect Systems
Information leakage happens when observable information can be correlated with a secret. Secrets such as passwords, medical diagnosis, locations, or financial data uphold a lot of our world, and there are many types of information, like error messages or electrical consumption patterns, that can give hints to these secrets.
-
AWS Introduces Backup Audit Manager for Compliance Requirements
Amazon recently announced the availability of AWS Backup Audit Manager, a new feature of AWS Backup to monitor the compliance status of backups and generate reports to meet business and regulatory requirements.
-
Microsoft Warns Customers about a Critical Vulnerability in Azure Cosmos DB
Azure Cosmos DB is a globally-distributed and fully-managed NoSQL database service. Recently, Microsoft warned thousands of its Cosmos DB customers of a vulnerability that exposes their data. A flaw in the service could grant a malicious actor access keys to steal, edit or delete sensitive data.
CONTENT IN THIS BOX PROVIDED BY OUR SPONSOR
Featured Content
Preventing Data Exfiltration with eBPF
Keep your data protected by developing security policies that target specific processes with eBPF. Learn more.
A Practical Guide to Secure SSH Access
Three practical approaches to securing SSH access. Learn more.
Security Incident Containment with Teleport Session and Identity Locking
What would you do when a security incident is detected? Learn More.
Access and Security Trade-Offs for DevSecOps Teams
How to stay secure while your team ships at scale. Trade-offs for DevSecOps teams without the tension. Download now.