Latest Developer Hacking & Security News | Developer News

Bitwarden strengthens passwordless authentication with magic links API

Ryan Daws — Tue, 02 Apr 2024 15:36:11 +0000

Credential management firm Bitwarden has announced an enhancement to its Passwordless.dev platform with the release of a magic links API. Bitwarden’s latest offering empowers developers to seamlessly integrate passwordless authentication into their applications, providing a more secure and user-friendly experience for end-users. The magic links API enables developers to send unique one-time-use links via email,... Read more »

The post Bitwarden strengthens passwordless authentication with magic links API appeared first on Developer Tech News.

PyPI suspends registrations amid malware attack

Ryan Daws — Thu, 28 Mar 2024 12:52:52 +0000

The Python Package Index (PyPI) has suspended new project creation and user registration to mitigate an ongoing malware upload campaign. This move comes as security researchers at Checkmarx uncovered a campaign involving multiple malicious packages related to the same threat actors. The attackers are targeting victims through typosquatting attacks, tricking users into installing malicious Python... Read more »

The post PyPI suspends registrations amid malware attack appeared first on Developer Tech News.

GitHub’s code scanning autofix enters public beta

Ryan Daws — Wed, 20 Mar 2024 16:58:27 +0000

GitHub has announced that its code scanning autofix feature, powered by GitHub Copilot and CodeQL, is now available in public beta for all GitHub Advanced Security customers. The autofix tool aims to remediate over two-thirds of vulnerabilities found during code scanning with minimal editing required by developers. “Our vision for application security is an environment... Read more »

The post GitHub’s code scanning autofix enters public beta appeared first on Developer Tech News.

NVIDIA employs GenAI for rapid software vulnerability detection

Ryan Daws — Tue, 19 Mar 2024 12:02:57 +0000

NVIDIA has demonstrated how its generative AI technologies can help to quickly identify and mitigate common vulnerabilities and exposures (CVEs) and other software security risks. The NVIDIA NIM and NeMo Retriever microservices – along with the Morpheus accelerated AI framework – enable security analysts to detect and mitigate risks in a matter of seconds, a... Read more »

The post NVIDIA employs GenAI for rapid software vulnerability detection appeared first on Developer Tech News.

Google paid $10M to bug hunters in 2023

Ryan Daws — Wed, 13 Mar 2024 15:21:29 +0000

Google has revealed that it paid out $10 million to over 600 bug hunters from 68 countries in 2023. Throughout the year, Google’s bug hunter community played a pivotal role in identifying and addressing thousands of vulnerabilities across various Google platforms. The company’s dedication to incentivising researchers saw the introduction of several new programs and... Read more »

The post Google paid $10M to bug hunters in 2023 appeared first on Developer Tech News.

GitHub enables secret scanning push protection by default

Ryan Daws — Fri, 01 Mar 2024 16:50:27 +0000

In response to the alarming trend of API keys, tokens, and other confidential data being inadvertently exposed, GitHub has taken further steps to fortify its platform against potential breaches. Within the first two months of 2024, GitHub has uncovered one million leaked secrets across public repositories, averaging over a dozen incidents per minute. Such alarming... Read more »

The post GitHub enables secret scanning push protection by default appeared first on Developer Tech News.

GitHub suffers from over 100K infected repos

Ryan Daws — Thu, 29 Feb 2024 12:01:58 +0000

Developers face a major security threat as over 100,000 repositories on GitHub are infected with malicious code. This resurgence of a malicious repo confusion campaign – detected by Apiiro’s security researchers – has impacted countless developers who unwittingly use repositories they believe to be trusted but are, in fact, compromised. Similar to dependency confusion attacks... Read more »

The post GitHub suffers from over 100K infected repos appeared first on Developer Tech News.

White House urges adoption of memory-safe programming languages

Ryan Daws — Tue, 27 Feb 2024 12:14:22 +0000

The White House Office of the National Cyber Director (ONCD) has released a new report today urging the technology industry to take steps to reduce vulnerabilities in software that leave digital systems open to cyberattacks. The report, titled “Back to the Building Blocks: A Path Toward Secure and Measurable Software,” emphasises the importance of technology... Read more »

The post White House urges adoption of memory-safe programming languages appeared first on Developer Tech News.

Python packages caught using DLL sideloading to bypass security

Ryan Daws — Wed, 21 Feb 2024 11:55:04 +0000

ReversingLabs researchers have uncovered Python packages using DLL sideloading to bypass security tools. On 10 January 2024, Karlo Zanki, a reverse engineer at ReversingLabs, stumbled upon two suspicious packages on the Python Package Index (PyPI). These packages – named NP6HelperHttptest and NP6HelperHttper – were found to be utilising DLL sideloading, a known technique used by... Read more »

The post Python packages caught using DLL sideloading to bypass security appeared first on Developer Tech News.

OpenText unveils next-gen cybersecurity auditing technology

Ryan Daws — Tue, 06 Feb 2024 09:15:09 +0000

OpenText has unveiled the second generation of its advanced cybersecurity auditing technology called Fortify Audit Assistant—aiming to help developers build more secure software amid rising threats and complexity in multi-cloud environments. The key upgrade is the use of predictive analytics and machine learning to emulate human security auditors. By learning from 10 years of human... Read more »

The post OpenText unveils next-gen cybersecurity auditing technology appeared first on Developer Tech News.