Security Content on InfoQ
-
Apple Releases New Security Updates to Protect Safari against the Spectre Attack
Apple has released a trio of security updates aimed at protecting Safari and WebKit against the Spectre attack.
-
A Deeper Dive into Spectre and Meltdown
A deeper look at Spectre/Meltdown characteristics and potential attacks, why it's necessary to patch cloud VMs even though the cloud service providers have already applied patches, the nature of the performance impact and how it’s affecting real-world applications, the need for threat modelling, the role of antivirus, how hardware is affected, and what’s likely to change in the long term.
-
Meltdown and Spectre: What They Are and How to Deal with Them
This article discusses the latest CPU vulnerabilities – Meltdown and Spectre – and the current solutions to fix them.
-
The Hottest Tech Trends in 2018 According to GitHub
Data, workflow integration, and open source tools are among the trends that Jason Warner, GitHub senior vice-president of technology, identifies as key for company success in 2018.
-
Amazon GuardDuty: A Zero-Footprint Managed Threat Detection Service for AWS Accounts and Resources
At the AWS re:Invent conference, the release of Amazon GuardDuty was announced: a managed threat detection service that continuously monitors for malicious or unauthorised behaviour. The service can be centrally managed, is “zero footprint”, and remediation scripts or AWS Lambda functions can be configured to trigger automatically based on GuardDuty findings.
-
Kubernetes 1.8 Improves Security, Stability and Workloads
The Kubernetes team has released version 1.8, which focuses on improved security and better stability, and has moved the Workloads API to beta. New mature features include role-based access control (RBAC), support for volume mount options, allowing privilege escalation, and support for high-level volume operation metrics.
-
GitHub Launches Security Alerts
GitHub has launched a new security alerts feature which will scan a project's dependencies for known vulnerabilities. Once found, users will be automatically alerted and presented with more information about the vulnerability, including its severity level and resolution steps.
-
Secure Microkernel seL4 Reaches Version 7
Version 7.0.0 of the seL4 high-assurance microkernel has been released, bringing with it an alternate CMake-based build system with support for out-of-tree builds and interactive configuration.
-
Apple Details Face ID Security
Apple has described how Face ID works and how it guarantees security in a new white paper.
-
Java EE Security API (JSR-375) Approved
The Java EE Security API, JSR 375, was approved in early August. All members of the JCP Executive Committee voted “Yes”, with zero “No” votes. Intel Corp. did not vote on the JSR.
-
Zenedge Releases API Security Solution with Native SDKs
Zenedge, a cybersecurity provider of AI-driven Web Application Firewall, malicious bot detection, and bot management services, has recently released an API Security solution with native SDKs for web and mobile.
-
Microsoft Renews Calls for “Digital Geneva Convention” after Widespread Cyber Attacks
The major story from last week was that malware, described in leaked NSA documents, crippled Windows computers worldwide. The WannaCry Ransomware virus is believed to have hit 200,000 victims in 150 countries, including UK hospitals, utilities in Spain, and Russia’s interior ministry.
-
Public Docker Image Vulnerability Research Findings Released
A researcher from Federacy released a report analyzing vulnerabilities in Docker images in public repositories. 24% of images were found to have significant vulnerabilities, with Ubuntu-based ones having the most and Debian-based ones having the least.
-
Apache Ranger Graduates to Top-Level Project
Apache Ranger, a security management framework for the Apache Hadoop ecosystem, has graduated to a top-level project. Ranger is used as a centralized component to define and administer security policies that are enforced across supported Hadoop components such as Apache HBase, Hadoop (HDFS and YARN), Apache Hive, Apache Kafka, and Apache Solr, among others.
-
Study Shows the Web is Crowded with Outdated, Vulnerable JavaScript Libraries
A recent study has found that 37% of the Alexa top 75K websites have at least one vulnerability and almost 10% have at least two. Maybe even more shockingly, 26% of the Alexa top 500 websites use vulnerable libraries.