Security Content on InfoQ
-
Android 13 Final Beta Improves Security and Privacy, and More
The latest beta of Android 13 is a final update that allows developers to make sure their apps are ready for the new Android release when it becomes available in a few weeks, says Google.
-
Google Cloud Announces Advanced API Security through Apigee
Recently Google announced the public preview of Advanced API Security, a comprehensive set of API security capabilities built on Apigee, their API management platform. With the new capability, customers can detect security threats more efficiently.
-
Apple Introduces Lockdown Mode to Secure Its OSes against Cyberattacks
The new Lockdown Mode announced by Apple, available now in the latest betas of iOS 16, iPadOS 16, and macOS Ventura, aims to provide a further level of protection to users at risk of highly targeted cyberattacks.
-
Google's BigQuery Introduces Column-Level Encryption Functions and Dynamic Masking of Information
Google recently released new features for its SaaS data warehouse BigQuery, which include column-level encryption functions and dynamic masking of information. Specifically, dynamic masking of information can be used for real-time transactions, whereas column-level encryption provides additional security for data at rest or in motion where real-time usability is not required.
-
GitHub Enterprise Server 3.5 Improves Security, Updates GitHub Actions, and More
The latest release of GitHub Enterprise Server brings many new features with a special emphasis on security and compliance, says GitHub, including Dependabot integration, improved security features, updates to GitHub Actions, and more.
-
Docker Launches Docker Extensions and Docker Desktop for Linux
At DockerCon 2022, Docker announced a way for developers to tap into Docker Desktop and extend its functionality using a new Extension SDK. Additionally, Docker Desktop is finally landing on Linux, providing the same experience available on macOS and Windows.
-
Crypto Miners Exploiting VMware Vulnerability in the Wild
A critical vulnerability affecting VMware Workspace ONE Access and VMware Identity Manager allows malicious actors to remotely execute arbitrary code by triggering a server-side template injection. According to VMware, the vulnerability is actively exploited.
-
Dockerfile Linter Hadolint Brings Fixes and Improvements, and Support for ARM64 Binaries
After a long wait, recent Hadolint releases have brought a number of fixes, improvements, and support for ARM64 binaries.
-
Hardware Mitigation on Intel, Arm, and AMD CPUs Shown Ineffective against Spectre v2
Security researchers from Vrije Universiteit Amsterdam showed that the hardware mitigations against Spectre v2 attacks implemented in both Intel and Arm processors have fundamental flaws that make them vulnerable to branch history injection.
-
Meta Open-Sources Browser Extension to Establish Web Code Authenticity
Originally created to help WhatsApp users verify the authenticity of the WhatsApp code being served to their browsers, Code Verify is a new open-source extension for Chrome, Edge, and Firefox that makes it possible to provide the same level of security for other Web services, says Meta.
-
Software Supply Chain Security Project in-toto Accepted into CNCF Incubator
The CNCF Technical Oversight Committee (TOC) has accepted the in-toto project as a CNCF incubating project. The in-toto project aims to cryptographically protect the entire software build and delivery process - the “supply chain” - from malicious actors.
-
How Security by Design Helped to Manage Risks in a Cloud Migration
When a company migrated to the cloud, security issues arose due to difficulties in getting stakeholders on board and involving security from the start. Embedding security assessments as part of the continuous cloud DevOps process and adopting an agile strategy for security risk management throughout the lifecycle of the project helped to increase the governance of security during the migration.
-
New CodeGuru Reviewer Features Detector Library and Security Detectors for Log-Injection Flaws
Amazon CodeGuru Reviewer is a developer tool that leverages machine learning to detect security defects in code (Java and Python) and offers suggestions for code quality improvement. Recently, AWS introduced two new features for the tool, with a new Detector Library and security detectors for Log-Injection Flaws.
-
ValidKube Aims to Help Enforce Kubernetes YAML Best Practices
ValidKube is a new open-source tool that combines several tools to make it easier to validate, clean, and secure Kubernetes YAML configuration files. InfoQ has spoken with Itiel Shwartz, CTO and co-founder of Komodor, creator of ValidKube.
-
Report Finds 75% of Cloud Runtimes Contain High or Critical Vulnerabilities
Sysdig’s latest cloud-native and security-usage report finds that shipping containers with vulnerabilities has become standard practice, with 75% of containers having high-severity vulnerabilities which could have been patched. The report stresses that many organisations find this to be an acceptable risk in order to move and release quickly.