infosec Archives - Developer Tech News
https://www.developer-tech.com/news/tag/infosec/
Gaming, Apps, HTML5, Java, PHP, C#, .net, IOT
Thu, 28 Mar 2024 12:52:55 +0000

PyPI suspends registrations amid malware attack
https://www.developer-tech.com/news/2024/mar/28/pypi-suspends-registrations-amid-malware-attack/
Thu, 28 Mar 2024 12:52:52 +0000
The Python Package Index (PyPI) has suspended new project creation and user registration to mitigate an ongoing malware upload campaign. This move comes as security researchers at Checkmarx uncovered a campaign involving multiple malicious packages related to the same threat actors. The attackers are targeting victims through typosquatting attacks, tricking users into installing malicious Python...

The post PyPI suspends registrations amid malware attack appeared first on Developer Tech News.

NVIDIA employs GenAI for rapid software vulnerability detection
https://www.developer-tech.com/news/2024/mar/19/nvidia-genai-rapid-software-vulnerability-detection/
Tue, 19 Mar 2024 12:02:57 +0000
NVIDIA has demonstrated how its generative AI technologies can help to quickly identify and mitigate common vulnerabilities and exposures (CVEs) and other software security risks. The NVIDIA NIM and NeMo Retriever microservices – along with the Morpheus accelerated AI framework – enable security analysts to detect and mitigate risks in a matter of seconds, a...

Google paid $10M to bug hunters in 2023
https://www.developer-tech.com/news/2024/mar/13/google-paid-10m-bug-hunters-in-2023/
Wed, 13 Mar 2024 15:21:29 +0000
Google has revealed that it paid out $10 million to over 600 bug hunters from 68 countries in 2023. Throughout the year, Google’s bug hunter community played a pivotal role in identifying and addressing thousands of vulnerabilities across various Google platforms. The company’s dedication to incentivising researchers saw the introduction of several new programs and...

GitHub enables secret scanning push protection by default
https://www.developer-tech.com/news/2024/mar/01/github-enables-secret-scanning-push-protection-default/
Fri, 01 Mar 2024 16:50:27 +0000
In response to the alarming trend of API keys, tokens, and other confidential data being inadvertently exposed, GitHub has taken further steps to fortify its platform against potential breaches. Within the first two months of 2024, GitHub has uncovered one million leaked secrets across public repositories, averaging over a dozen incidents per minute. Such alarming...

GitHub suffers from over 100K infected repos
https://www.developer-tech.com/news/2024/feb/29/github-suffers-over-100k-infected-repos/
Thu, 29 Feb 2024 12:01:58 +0000
Developers face a major security threat as over 100,000 repositories on GitHub are infected with malicious code. This resurgence of a malicious repo confusion campaign – detected by Apiiro’s security researchers – has impacted countless developers who unwittingly use repositories they believe to be trusted but are, in fact, compromised. Similar to dependency confusion attacks...

White House urges adoption of memory-safe programming languages
https://www.developer-tech.com/news/2024/feb/27/white-house-urges-adoption-memory-safe-programming-languages/
Tue, 27 Feb 2024 12:14:22 +0000
The White House Office of the National Cyber Director (ONCD) has released a new report today urging the technology industry to take steps to reduce vulnerabilities in software that leave digital systems open to cyberattacks. The report, titled “Back to the Building Blocks: A Path Toward Secure and Measurable Software,” emphasises the importance of technology...

Python packages caught using DLL sideloading to bypass security
https://www.developer-tech.com/news/2024/feb/21/python-packages-dll-sideloading-bypass-security/
Wed, 21 Feb 2024 11:55:04 +0000
ReversingLabs researchers have uncovered Python packages using DLL sideloading to bypass security tools. On 10 January 2024, Karlo Zanki, a reverse engineer at ReversingLabs, stumbled upon two suspicious packages on the Python Package Index (PyPI). These packages – named NP6HelperHttptest and NP6HelperHttper – were found to be utilising DLL sideloading, a known technique used by...

GitHub rotates credentials following vulnerability discovery
https://www.developer-tech.com/news/2024/jan/17/github-rotates-credentials-following-vulnerability-discovery/
Wed, 17 Jan 2024 16:58:10 +0000
GitHub has rotated encryption keys following the discovery of a vulnerability that could have enabled threat actors to steal credentials, the company revealed Tuesday. The Microsoft-owned firm said it first became aware of the high-severity security flaw tracked as CVE-2024-0200 on 26 December 2023. After investigating the issue and verifying there was no evidence it...

PHP 8.0 reaches EOL leaving some websites vulnerable
https://www.developer-tech.com/news/2023/nov/27/php-8-0-reaches-eol-leaving-some-websites-vulnerable/
Mon, 27 Nov 2023 12:43:31 +0000
PHP 8.0 reached its end of life (EOL) on 26 November 2023 and will no longer receive any updates or patches. PHP 8.0 was released on 26 November 2020 and brought many new features and improvements such as named arguments, attributes, constructor property promotion, match expression, nullsafe operator, JIT, and more. The EOL of PHP...

Checkmarx uncovers persistent Python package threat
https://www.developer-tech.com/news/2023/nov/16/checkmarx-uncovers-persistent-python-package-threat/
Thu, 16 Nov 2023 13:00:03 +0000
Checkmarx has uncovered a threat actor that has been quietly infiltrating the open-source ecosystem for nearly six months, planting malicious Python packages with a focus on deception and financial gain. The malicious actor employed a systematic approach, disguising their packages with names closely resembling popular legitimate Python packages. These decoy packages, camouflaged to blend in,...
