InfoQ Homepage Security Content on InfoQ
-
Microsoft Warns Customers about a Critical Vulnerability in Azure Cosmos DB
Azure Cosmos DB is a globally-distributed and fully-managed NoSQL database service. Recently, Microsoft warned thousands of its Cosmos DB customers of a vulnerability that exposes their data. A flaw in the service could grant a malicious actor access keys to steal, edit or delete sensitive data.
-
AWS Introduces Security Analytics Bootstrap to Perform Security Investigations
AWS recently announced Security Analytics Bootstrap, an open source framework to perform security investigations on AWS service logs using an Amazon Athena analysis environment.
-
Google Releases Its Certificate Authority Service into General Availability
The Google Cloud Certificate Authority Service (CAS) is a scalable service for managing and deploying private certificates via automation and managing public key infrastructure (PKI). And last month, Google announced the general availability (GA) of this service.
-
QCon Plus November 2021 is Now Hybrid. Attend Online and In-Person (NY & SF)
The QCon Plus software development conference will be back November 1-5, 2021 - online and in-person. Get the chance to engage and network with professionals driving change and innovation inside the world’s most innovative software organizations.
-
Microsoft Announces Public Preview of Bastion Standard SKU
Azure Bastion is a fully-managed Platform as a Service (PaaS) solution providing customers a secure way to connect to a virtual machine using a browser and the Azure portal. Recently, the company announced the public preview of the second Stock Keeping-Unit (SKU) called Standard.
-
Improve Your Software Quality and Speed of Delivery. Learn How at InfoQ Live on July 20th
Learn how automation, continuous testing, and supply management techniques can improve software quality and speed of delivery. Get valuable insights from world-class domain experts at InfoQ Live on July 20th.
-
Adding Security to Testing to Enable Continuous Security Testing
Teams can be trained by security experts to become able to identify areas to add security testing in the test process and add security checks as part of functional test automation. This can lead to continuous security testing where security defects can be spotted at an early stage with higher security testing coverage in every release.
-
New Exploit Breaks Current Spectre Defenses; Fixes Hard without Performance Impact
Researchers from the University of Virginia School of Engineering recently disclosed a new Spectre hardware exploit that can steal secrets via Intel/AMD micro-op caches and circumvents current Spectre defenses. Intel and AMD say no new guidance is needed. Researchers say suggested fixes are inconvenient to deploy or have performance drawbacks.
-
.NET News Roundup - Week of May 3rd, 2021
This past week was marked by a new Visual Studio Code release and Pure Virtual C++, a virtual event hosted by Microsoft. InfoQ examined this and a number of smaller stories in the .NET ecosystem from the week of May 3rd, 2021.
-
CNCF Publishes Latest Technology Radar Focused on Secrets Management
CNCF published the fourth edition of the end-user Technology Radar. This time the theme was secrets management: the set of tools and technologies to manage digital authentication. The purpose of this edition is to share what tools are used by end-users, the tools they recommend, and any patterns that emerged.
-
Post-Quantum Cryptography: Q&A with Jean-Philippe Aumasson
While quantum computing is still in its infancy, post-quantum cryptography is a field of growing interest for companies and research institutions. InfoQ has spoken with cryptography researcher Jean-Philippe Aumasson to understand where post-quantum crypto is headed.
-
HashiCorp Announces the General Availability of HCP Vault on AWS
Recently, HashiCorp announced the general availability of their fully-managed Vault service for AWS environments on the HashiCorp Cloud Platform (HCP). With Vault, customers can leverage a SaaS service with secret management and encryption capabilities.
-
Rust to Provide New Foundations for Android OS Security
Google will use Rust to prevent memory bugs in the Android OS, one of the most frequent causes of security vulnerabilities. As a first step in this direction, the Android Open Source Project now supports Rust as an OS development language.
-
Cloudflare Announcement Helps Customers Protect against Online Threats, Such as Digital Skimmers
Cloudflare announces a new service called Page Shield. Page Shield is a client-side security offering that helps websites protect their users' information from supply chain and client-side attacks, such as Magecart. It joins tools like CSP and SRI as ways to protect against these types of attacks.
-
Microsoft Releases Azure Attestation into General Availability
Microsoft recently announced the general availability of Azure Attestation, a unified solution for remotely verifying the trustworthiness of a platform and the integrity of the binaries running inside it.