InfoQ Homepage Security Content on InfoQ
-
InfoQ Dev Summit Munich: Learn from German Automotive, Banking, and TelCo Software Practitioners
InfoQ Dev Summit Munich is a two-day in-person software development conference for senior software engineers, architects, and team leaders in the Bavarian capital on September 26th and 27th. The sessions will cover critical topics such as generative AI and platform engineering, with use cases from the German automotive, banking, and telecommunication industries.
-
The Guardian's Deep Dive into Qubes OS: a Secure Solution for Whistleblowing and Journalism
The Guardian's engineering team recently shared their experience with Qubes OS, a security-focused desktop operating system. The engineering team configured the Quebes workstations utilizing SaltStack, the default management engine in the Quebes OS.
-
NIST Launches Program to Discriminate How Far from "Human-Quality" are Gen AI Generated Summaries
NIST launched a public Gen AI evaluation program for systems developed by the international research community. The pilot program focuses on systems that can generate human-like summaries from multiple documents, or discriminators to identify whether a summary was AI-generated. For now, information about text-to-text modality is available. The registration closes in May.
-
Microsoft Launches Trusted Signing in Public Preview: an End-to-End Signing Solution for Developers
Microsoft recently launched Trusted Signing in Public Preview, a fully-managed end-to-end signing solution for developers backed by a Microsoft-managed certification authority.
-
Understanding Email Threats with Cloudflare Radar
Cloudflare recently announced the launch of a new Email Security section on Cloudflare Radar. This section will provide insights into the current state of email security. The new metrics offer real-time visibility into email-borne threats, allowing organizations to correlate trends within their environment with broader security observations from Cloudflare.
-
SSH Backdoor from Compromised XZ Utils Library
When Microsoft engineer Andres Freund noticed SSH was taking longer than usual, he discovered a backdoor in xz utils, one of the underlying libraries for systemd, that had taken years to be put in place. The backdoor had found its way into testing releases of Linux distributions like Debian Sid, Fedora 41 and Fedora Rawhide but was caught before propagating into more highly used stable releases.
-
Shadow API Detection for Google Cloud Environments in Preview
During Google Cloud Next, Google announced the preview release of shadow API detection in Advanced API Security, part of the Apigee API Management solution. This managed API Broker service in the Google Cloud allows users to design, secure, deploy, monitor, and analyze APIs.
-
Azure API Management Basic V2 and Standard V2 GA: Enhancing Scalability, Security, and Networking
Microsoft recently announced the general availability of new pricing tiers for Azure API Management, Basic v2, and Standard v2. It offers scalability and flexibility to support various development projects, from small to enterprise-level applications.
-
Efficient DevSecOps Workflows with a Little Help from AI: Q&A with Michael Friedrich
At QCon London, Michael Friedrich, senior developer advocate at GitLab, discussed how AI can help in DevSecOps workflows. His session was part of the Cloud-Native Engineering track on the first day of the conference. InfoQ interviewed Friedrich after the session.
-
Microsoft AI-Driven Security Tool Copilot for Security is Now GA
Microsoft recently announced the general availability of Copilot for Security, a generative Artificial Intelligence (AI) security product designed to help security and IT teams with the capabilities to protect their digital assets.
-
Google Cloud Launches Security Command Center Enterprise
Google Cloud has launched Security Command Center (SSC) Enterprise, a cloud risk management solution that offers proactive cloud security with enterprise security operations. The solution helps customers manage and mitigate risk across multi-cloud environments and is enhanced by Mandiant expertise.
-
Enhanced Protection for Large Language Models (LLMs) against Cyber Threats with Cloudflare for AI
Cloudflare recently announced a new capability called Firewall for AI in its Web Application Firewall (WAF) offering. The capability adds a new layer of protection that will identify abuse and attacks before they reach and tamper with Large Language Models (LLMs).
-
InfoQ & QCon Events: Level up on Generative AI, Security, Platform Engineering, and More Upcoming
As we navigate through these transformative times, the upcoming InfoQ events stand as a platform to help you stay ahead, learn valuable insights, and find practical solutions to your development challenges in 2024 and beyond. The events are carefully curated for senior software engineers, architects, and team leaders, offering practitioner insights into emerging trends, patterns, and practices.
-
LeftoverLocals May Leak LLM Responses on Apple, Qualcomm, and AMD GPUs
Security firm Trail of Bits disclosed a vulnerability allowing malicious actors to recover data from GPU local memory on Apple, Qualcomm, AMD, and Imagination GPUs. Dubbed LeftoverLocals, the vulnerability affects any application using the GPU, including Large Language Models (LLMs) and machine learning (ML) models.
-
LLMs May Learn Deceptive Behavior and Act as Persistent Sleeper Agents
AI researchers at OpenAI competitor Anthropic trained proof-of-concept LLMs showing deceptive behavior triggered by specific hints in the prompts. Furthermore, they say, once deceptive behavior was trained into the model, there was no way to circumvent it using standard techniques.