Security Content on InfoQ
-
HashiCorp Vault Secrets Operator for Kubernetes Moves into General Availability
HashiCorp has moved the HashiCorp Vault Secrets Operator for Kubernetes into general availability. This Kubernetes Operator combines Vault's secret management tooling with the Kubernetes Secrets cache. The operator also handles secret rotation and has controllers for the various secret-specific custom resources.
-
Go 1.21 Toolchain is Now Reproducible to Help Safeguard from Supply-Chain Attacks
The Go 1.21 toolchain is the first Go toolchain to be perfectly reproducible. This reduces the risk that a malicious actor can tamper with the output binaries to carry through a supply chain attack, explains Google engineer Russ Cox.
-
AWS Introduces Dedicated Local Zones for Sovereignty Requirements
AWS has recently introduced Dedicated Local Zones, enabling customers to isolate sensitive workloads to meet their digital sovereignty requirements. This new option is designed for public sector and regulated industry customers who need dedicated infrastructure.
-
AWS Launches AWS Private CA Connector for Active Directory
AWS recently launched the AWS Private Certificate Authority (CA) Connector for Active Directory (AD). It is a new feature that allows enterprises to use AWS Private CA as a drop-in replacement for self-managed enterprise certificate authorities without the need to deploy, patch, or update local agents or proxy servers.
-
Cross-Cloud Network: Google Introduces Platform to Connect Applications across Clouds
During the recent Google Cloud Next conference, the cloud provider announced Cross-Cloud Network, a solution to connect applications across different clouds. The new platform aims to simplify multi-cloud networking with a focus on speed and security.
-
Terraform Cloud Supports Ephemeral Workspaces in Public Beta
Ephemeral workspaces allow users to set timeouts to automatically destroy unused resources, reducing infrastructure costs and the effort required for manual resource clean-up. Ephemeral workspaces are now available in public beta on Terraform Cloud Plus.
-
OpenSSF New Manifesto Urges the Software Industry to Take Responsibility for Open Source Security
The Open Source Consumption Manifesto from OpenSSF aims to make the software industry more aware of its responsibility when it comes to ensuring the software supply chain remains secure and healthy.
-
NuGet 6.7 Announced with Enhanced Security Features
The NuGet team announced NuGet 6.7, an update that introduces a set of advanced security features. These enhancements span from updated package source mapping to the integration of vulnerability APIs, updated package version dropdowns, and the addition of warning messages to tackle trust chain issues.
-
A Ruthless Approach for Better Security by Identifying Key Risks and Ignoring Others
Risk management techniques can be used to decide which security and privacy aspects are important. You can simplify the risk impact calculations by identifying low, medium, high and critical losses, and by taking likelihoods from the industry to do likelihood calculations. This helps you to identify a few key risks, and ruthlessly ignore the rest.
-
New Downfall Attack Could Lead to Sensitive Data Leakage on Intel Processors
Security researcher Daniel Moghimi discovered a new side-channel vulnerability affecting Intel processors that could be exploited to steal data from other users or apps running on the same computer. Dubbed Downfall, the vulnerability has been patched by Intel and mitigated by most major OS vendors.
-
Chrome Supports Key Pinning on Android to Improve Security
Key pinning, a technique used to prevent an attacker from tricking a vulnerable certificate authority (CA) into issuing an apparently valid certificate for a server, is now used in Chrome for Android, version 106, to help prevent man-in-the-middle attacks against Google services.
-
Enhancing Security with Google Cloud's Service Account Key Expiry Feature
Google Cloud has recently introduced service account key expiry to address security challenges associated with long-lived service account keys. With this capability, the company states that "customers can now configure an Organization Policy at the organization, folder, and project level to limit the usable duration of new service account keys".
-
Introduction of Auth0 Templates for .NET
Auth0 Templates for .NET offers pre-built project templates with integrated Auth0 support for authentication and authorization. The development process is simplified, enabling the creation of Auth0-integrated .NET projects through familiar approaches from built-in templates. The project is open-source.
-
Microsoft Announces Preview of Azure Application Gateway for Containers
Microsoft recently announced the preview of Azure Application Gateway for Containers - a new application (layer 7) load balancing and dynamic traffic management product for workloads running in a Kubernetes cluster. It extends Azure's Application Load Balancing portfolio and is a new offering under the Application Gateway product family.
-
Building Cyber-Physical Systems with Agile: Learnings from QCon New York
In her QCon New York 2023 talk Success Patterns for building Cyber-Physical Systems with Agile, Robin Yeman explored how we can use agile practices at scale for large initiatives with multiple teams, building cyber-physical safety-critical systems with a scope that includes software, firmware, and hardware development.