Security Content on InfoQ
-
Unskilled Cybercriminals May Be Leveraging ChatGPT to Create Malware
In a recent report, Israeli cybersecurity company Check Point warned that cybercriminals are already using ChatGPT to develop malicious programs on the Dark Web. According to Check Point, ChatGPT makes it possible for even unskilled threat actors to create functioning malware.
-
AWS Announces Upcoming Security Changes in April 2023 for Amazon S3
Recently AWS announced it would make two changes to Amazon Simple Storage Service (Amazon S3): all buckets in a region will have S3 Block Public Access enabled and access control lists (ACLs) disabled by default. These changes will take effect in April 2023 and will be rolled out by the company in all AWS regions within weeks.
-
AWS Key Management Service Now Supports External Key Stores
AWS recently announced the availability of AWS Key Management Service (AWS KMS) External Key Store (XKS), allowing organizations to store and manage their encryption keys outside the AWS KMS service.
-
Testing Advanced Driver Assistance Systems
Advanced driver assistance systems can have a huge number of test cases. Cutting the elephant into smaller pieces can ensure every bit and piece is tested. A good test environment is essential to be efficient, fast and flexible enough to cover all the tests required to ensure quality. Testers should be involved in the project right from the beginning to avoid task forces and quality or delivery problems.
-
Spotify Introduces Kitsune Vulnerability Management Platform
Spotify recently introduced its security vulnerability management platform, Kitsune. From vulnerability detection to providing insights based on metrics, Kitsune manages the overall security vulnerability lifecycle. Kitsune’s development started one and a half years ago and it continues to evolve.
-
.NET 7 Removes Its Insecure XmlSecureResolver
.NET 7 has replaced the insecure XmlSecureResolver with a new ThrowingResolver type.
-
Threat-Detection Tool Falco Now Supports Multiple Event Sources, Syscall Selection, and More
The latest release of Falco adds the ability to handle multiple simultaneous event sources within the same instance, support for selecting which syscalls to capture, a new Kernel Crawler to collect the most recent supported kernel versions, and more.
-
Docker Introduces Hardened Desktop for Business Users
The latest release of Docker Desktop introduces a new security model to help sys admins secure their organizations' supply chains. Dubbed Hardened Desktop and available only to business customers, the new model includes Settings Management and Enhanced Container Isolation.
-
Two New Git Vulnerabilities Affecting Local Clones and Git Shell Patched
Two Git vulnerabilities affecting local clones and git shell interactive mode in version 2.38 and older have recently been patched.
-
Google Cloud Announces Curated Detection in Chronicle SecOps Suite
Google Cloud recently announced general availability of curated detections as a part of Chronicle SecOps Suite. Using the out-of-the-box threat analytics, security operations teams can now detect cybersecurity threats proactively and take relevant actions.
-
Microsoft Previews Azure Firewall Basic for Small-Medium Businesses
Microsoft recently released the public preview of Azure Firewall Basic for small-medium businesses (SMBs), providing enterprise-grade security at an affordable price. The company offers the Basic SKU as it sees SMBs as particularly vulnerable to budget constraints and gaps in specialized security skills.
-
MIT Technology Review Insights Survey on Zero Trust in Cybersecurity
MIT Technology Review released the findings of its report "Zero trust closes the end-user gap in cybersecurity" on Sep 19, 2022. The report focuses on the approach to cybersecurity and mainly demonstrates how organizations go beyond passwords to embrace a new approach to defending against cyberattacks.
-
NPM Package Masquerading as Popular Material Tailwind Library To Install Malicious Code
Researchers at ReversingLabs discovered a malicious npm package masquerading as the Material Tailwind library. Their finding highlights a new trend among threat actors for installing malicious code, dubbed impostor packages, say the researchers.
-
Multi-Factor Authentication Fatigue Key Factor in Uber Breach
Earlier this week, Uber disclosed that the recent breach it suffered was made possible through a multi-factor authentication (MFA) fatigue attack in which the attacker disguised themselves as Uber IT.