Security Content on InfoQ
-
Secure Microkernel seL4 Reaches Version 7
Version 7.0.0 of the seL4 high-assurance microkernel has been released, bringing with it an alternate CMake-based build system with support for out-of-tree builds and interactive configuration.
-
Apple Details Face ID Security
Apple has described how Face ID works and how it guarantees security in a new white paper.
-
Java EE Security API (JSR-375) Approved
The Java EE Security API, JSR 375, was approved in early August. All members of the JCP Executive Committee voted “Yes”, with zero “No” votes. Intel Corp. did not vote on the JSR.
-
Zenedge Releases API Security Solution with Native SDKs
Zenedge, a cybersecurity provider of AI-driven Web Application Firewall, malicious bot detection, and bot management services, has recently released an API Security solution with native SDKs for web and mobile.
-
Microsoft Renews Calls for “Digital Geneva Convention” after Widespread Cyber Attacks
The major story from last week was that malware, described in leaked NSA documents, crippled Windows computers worldwide. The WannaCry Ransomware virus is believed to have hit 200,000 victims in 150 countries, including UK hospitals, utilities in Spain, and Russia’s interior ministry.
-
Public Docker Image Vulnerability Research Findings Released
A researcher from Federacy released a report analyzing vulnerabilities in Docker images in public repositories. 24% of images were found to have significant vulnerabilities, with Ubuntu-based ones having the most and Debian-based ones having the least.
-
Apache Ranger Graduates to Top-Level Project
Apache Ranger, a security management framework for the Apache Hadoop ecosystem, has graduated to a top-level project. Ranger is used as a centralized component to define and administer security policies that are enforced across supported Hadoop components such as Apache HBase, Hadoop (HDFS and YARN), Apache Hive, Apache Kafka, and Apache Solr, among others.
-
Study Shows the Web is Crowded with Outdated, Vulnerable JavaScript Libraries
A recent study has found that 37% of the Alexa top 75K websites have at least one vulnerability and almost 10% have at least two. Maybe even more shockingly, 26% of the Alexa top 500 websites use vulnerable libraries.
-
Cloudbleed - Cloudflare Proxies Memory Leak
A buffer overflow bug has caused a small number of requests to Cloudflare proxies to leak data from unrelated requests, including potentially sensitive data such as passwords and other secrets. The issue, which has been named ‘Cloudbleed’, was discovered by Google Project Zero vulnerability researcher Tavis Ormandy.
-
NIST Guidelines Require Second Auth Factor When Using Biometrics
NIST has released a public draft of new Digital Identity Guidelines, described as “a significant update from past revisions.” The guidelines describe acceptable use of multi-factor authentication (MFA). Furthermore, when biometric data is used as one authentication factor, it must be combined with something you have, and not with something you know, such as a password.
-
Apache Eagle, Originally from eBay, Graduates to Top-Level Project
Apache Eagle, an open-source solution for identifying security and performance issues on big data platforms, graduated to an Apache top-level project on January 10, 2017. First open-sourced by eBay in October 2015, Eagle was created to instantly detect access to sensitive data or malicious activities and to take action in a timely fashion.
-
Neo4j 3.1 Supports Causal Clustering and Security Enhancements
The latest version of the graph NoSQL database Neo4j introduces causal clustering and a new security architecture. The Neo4j team recently released version 3.1 of the graph database. Other new features include database kernel improvements and a Schema Viewer.
-
Google Pushing for HTTPS
Google wants to push for HTTPS everywhere with a combination of deprecating existing Chrome features on non-secure sites and making new features available only over HTTPS.
-
Major Windows Vulnerability Disclosed by Google before Patch Available
A major, currently exploited vulnerability in the Microsoft Windows kernel has recently been disclosed by Google’s Threat Analysis Group, before Microsoft made public a patch or any mitigation advice. Microsoft has stated a fully tested patch will be available in a week.
-
All Android Versions May Be Affected by Dirty COW Linux Vulnerability
The recently disclosed Dirty COW Linux privilege escalation vulnerability is likely to affect all Android versions, say security researchers.