vulnerability Archives - Developer Tech News
https://www.developer-tech.com/news/tag/vulnerability/
Gaming, Apps, HTML5, Java, PHP, C#, .net, IOT
Wed, 20 Mar 2024 16:58:28 +0000

GitHub’s code scanning autofix enters public beta
https://www.developer-tech.com/news/2024/mar/20/github-code-scanning-autofix-public-beta/
Wed, 20 Mar 2024 16:58:27 +0000
GitHub has announced that its code scanning autofix feature, powered by GitHub Copilot and CodeQL, is now available in public beta for all GitHub Advanced Security customers. The autofix tool aims to remediate over two-thirds of vulnerabilities found during code scanning with minimal editing required by developers. “Our vision for application security is an environment...

GitHub rotates credentials following vulnerability discovery
https://www.developer-tech.com/news/2024/jan/17/github-rotates-credentials-following-vulnerability-discovery/
Wed, 17 Jan 2024 16:58:10 +0000
GitHub has rotated encryption keys following the discovery of a vulnerability that could have enabled threat actors to steal credentials, the company revealed Tuesday. The Microsoft-owned firm said it first became aware of the high-severity security flaw tracked as CVE-2024-0200 on 26 December 2023. After investigating the issue and verifying there was no evidence it...

Huawei AppGallery vulnerability gives away paid apps for free
https://www.developer-tech.com/news/2022/may/19/huawei-appgallery-vulnerability-gives-away-paid-apps-free/
Thu, 19 May 2022 10:52:58 +0000
A vulnerability has been discovered in Huawei’s AppGallery that enables paid apps to be downloaded for free. Huawei claims that AppGallery is now the third-largest app store in the world—serving over 600 million Huawei device users in over 170 countries/regions. Dylan Roussel, an Android developer, wanted to know how Huawei’s APIs worked. He figured out...

80% of Spring framework downloads are exploitable versions
https://www.developer-tech.com/news/2022/apr/05/80-of-spring-downloads-are-exploitable-versions/
Tue, 05 Apr 2022 11:55:01 +0000
Data from Sonatype suggests that 80 percent of weekly Spring framework downloads are still exploitable versions. Spring is a mighty popular framework—often ranking in the top three most-used Java frameworks. That’s why the Java developer community was shaken when a vulnerability named Spring4Shell (CVE-2022-22965) was leaked by a security researcher ahead of an official CVE...

Spring4Shell vulnerability could have ‘a larger impact’ than Log4j
https://www.developer-tech.com/news/2022/mar/31/spring4shell-vulnerability-could-larger-impact-log4j/
Thu, 31 Mar 2022 07:53:20 +0000
A newly-discovered zero-day vulnerability known as Spring4Shell could have “a larger impact” than Log4j. Log4j made waves in recent months as the vulnerability in the popular open-source logging library enabled attackers to break into systems, steal passwords and logins, extract data, and infect networks with malicious software. However, attention is now shifting to the Spring4Shell...

Rust vulnerability enables attackers to delete files and directories
https://www.developer-tech.com/news/2022/jan/24/rust-vulnerability-enables-attackers-delete-files-and-directories/
Mon, 24 Jan 2022 12:00:56 +0000
Maintainers of the Rust programming language have warned of a critical vulnerability that enables attackers to delete files and directories. In a security advisory, the Rust Security Response Working Group wrote: “The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363). An...

GitHub releases analysis of relations between developers and security researchers
https://www.developer-tech.com/news/2021/sep/10/github-analysis-relations-developers-security-researchers/
Fri, 10 Sep 2021 11:34:51 +0000
Relations between developers and security researchers are critical, but it’s no secret they’re often fraught. GitHub first announced that it was expanding its research to more fully understand the relationship between developer and security research communities in December 2020. The initial analysis, conducted by GitHub Security Lab, has now been released. For its debut analysis,...
