InfoQ Homepage Security Content on InfoQ
-
Azure API Management Basic V2 and Standard V2 GA: Enhancing Scalability, Security, and Networking
Microsoft recently announced the general availability of new pricing tiers for Azure API Management, Basic v2, and Standard v2. It offers scalability and flexibility to support various development projects, from small to enterprise-level applications.
-
Efficient DevSecOps Workflows with a Little Help from AI: Q&A with Michael Friedrich
At QCon London, Michael Friedrich, senior developer advocate at GitLab, discussed how AI can help in DevSecOps workflows. His session was part of the Cloud-Native Engineering track on the first day of the conference. InfoQ interviewed Friedrich after the session.
-
Will C++ Become a Safe Language Like Rust and Others?
In a recent article, C++ expert and ISO C++ Committee Chair Herb Sutter expressed his views about what it takes to make C++ a safe language in the guise of Rust and other memory-safe languages (MSLs). His recipes include relying on tooling, as is the case with other MSLs, promoting safe language features, pushing unsafe features behind compiler flags, and more.
-
Microsoft AI-Driven Security Tool Copilot for Security is Now GA
Microsoft recently announced the general availability of Copilot for Security, a generative Artificial Intelligence (AI) security product designed to help security and IT teams with the capabilities to protect their digital assets.
-
ASP.NET Core Updates in .NET 9 Preview 2: Blazor, OIDC, OAuth and Configuring HTTP.sys
Microsoft released .NET 9 Preview 2 which contains some updates regarding ASP.NET Core: Blazor component constructor injection, and WebSocket compression for Blazor interactive server components. Furthermore, developers can streamline authentication integration by customising OIDC and OAuth parameters and configuring HTTP.sys extended authentication flags.
-
Google Cloud Launches Security Command Center Enterprise
Google Cloud has launched Security Command Center (SSC) Enterprise, a cloud risk management solution that offers proactive cloud security with enterprise security operations. The solution helps customers manage and mitigate risk across multi-cloud environments and is enhanced by Mandiant expertise.
-
Falco, Cloud-Native Security Tool for Kubernetes, Graduates from CNCF
CNCF announced the graduation of Falco, a tool designed for Linux systems and a de facto Kubernetes threat-detection engine. The project successfully met all graduation requirements, including undergoing the due diligence process, completing a third-party security audit, and obtaining the software licensing approvals.
-
Enhanced Protection for Large Language Models (LLMs) against Cyber Threats with Cloudflare for AI
Cloudflare recently announced a new capability called Firewall for AI in its Web Application Firewall (WAF) offering. The capability adds a new layer of protection that will identify abuse and attacks before they reach and tamper with Large Language Models (LLMs).
-
GUAC Joins OpenSSF as Incubating Project
The Graph for Understanding Artifact Composition (GUAC) has joined the Open Source Security Foundation (OpenSSF) as an incubating project. GUAC provides a tool and underlying API to analyse and visualise software bill of materials (SBOM) along with threat intelligence feeds to determine whether vulnerabilities impact an application.
-
Apple Debuts Post-Quantum Cryptography Cipher PQ3 for iMessage Communication
Apple announced a new quantum-resistant encryption protocol that will be used to secure iMessage communications, PQ3 against attack scenarios known as "harvest now, decrypt later".
-
Cloudflare Recaps Thanksgiving 2023 Incident and Response Actions
On Thanksgiving Day 2023, Cloudflare detected a threat actor on their self-hosted Atlassian server. Their security team responded by removing access and initiating an investigation. CrowdStrike's Forensic team was brought in for an independent analysis, the analysis. No Cloudflare customer data or systems were compromised.
-
AI and FinOps Predicted to Lead Observability Innovation in 2024
In recently published articles, three large observability companies have made predictions for the trends we will see in the observability area in 2024 and beyond. These contributions suggest that the fields of AI Integration, FinOps, OpenTelemetry and Security and Governance will impact observability significantly in the year ahead.
-
InfoQ & QCon Events: Level up on Generative AI, Security, Platform Engineering, and More Upcoming
As we navigate through these transformative times, the upcoming InfoQ events stand as a platform to help you stay ahead, learn valuable insights, and find practical solutions to your development challenges in 2024 and beyond. The events are carefully curated for senior software engineers, architects, and team leaders, offering practitioner insights into emerging trends, patterns, and practices.
-
TikTok Owner Open-Sources Next Gen Kubernetes Federation Tool
ByteDance, the company behind popular global platforms like TikTok, has unveiled KubeAdmiral, its next-generation cluster federation system for Kubernetes, designed to manage multiple clusters with the efficiency and effectiveness comparable to a seasoned navy admiral commanding a fleet. KubeAdmiral scales to run more than 10 million pods across dozens of federated Kubernetes clusters.
-
LeftoverLocals May Leak LLM Responses on Apple, Qualcomm, and AMD GPUs
Security firm Trail of Bits disclosed a vulnerability allowing malicious actors to recover data from GPU local memory on Apple, Qualcomm, AMD, and Imagination GPUs. Dubbed LeftoverLocals, the vulnerability affects any application using the GPU, including Large Language Models (LLMs) and machine learning (ML) models.