infosec Archives - Developer Tech News

GitHub rotates credentials following vulnerability discovery

Ryan Daws — Wed, 17 Jan 2024 16:58:10 +0000

GitHub has rotated encryption keys following the discovery of a vulnerability that could have enabled threat actors to steal credentials, the company revealed Tuesday. The Microsoft-owned firm said it first became aware of the high-severity security flaw tracked as CVE-2024-0200 on 26 December 2023. After investigating the issue and verifying there was no evidence it... Read more »

The post GitHub rotates credentials following vulnerability discovery appeared first on Developer Tech News.

PHP 8.0 reaches EOL leaving some websites vulnerable

Ryan Daws — Mon, 27 Nov 2023 12:43:31 +0000

PHP 8.0 reached its end of life (EOL) on 26 November 2023 and will no longer receive any updates or patches. PHP 8.0 was released on 26 November 2020 and brought many new features and improvements such as named arguments, attributes, constructor property promotion, match expression, nullsafe operator, JIT, and more. The EOL of PHP... Read more »

The post PHP 8.0 reaches EOL leaving some websites vulnerable appeared first on Developer Tech News.

Checkmarx uncovers persistent Python package threat

Ryan Daws — Thu, 16 Nov 2023 13:00:03 +0000

Checkmarx has uncovered a threat actor that has been quietly infiltrating the open-source ecosystem for nearly six months, planting malicious Python packages with a focus on deception and financial gain. The malicious actor employed a systematic approach, disguising their packages with names closely resembling popular legitimate Python packages. These decoy packages, camouflaged to blend in,... Read more »

The post Checkmarx uncovers persistent Python package threat appeared first on Developer Tech News.

AI coding assistants: A double-edged sword for DevOps in 2024

Ryan Daws — Fri, 10 Nov 2023 14:06:02 +0000

A growing reliance on AI-powered coding assistants is reshaping how DevOps teams operate, for better or worse. According to Forrester’s 2024 cybersecurity, risk, and privacy predictions, AI coding assistants are becoming integral to boosting productivity. However, a cautionary note accompanies this technological shift, as Forrester warns of potential pitfalls that could lead to cybersecurity breaches.... Read more »

The post AI coding assistants: A double-edged sword for DevOps in 2024 appeared first on Developer Tech News.

Wallarm highlights disturbing trends in API security threats

Ryan Daws — Wed, 08 Nov 2023 10:40:12 +0000

Wallarm has released its Q3 2023 API ThreatStats report which sheds light on the escalating threats targeting APIs and revealing vulnerabilities that have impacted industry giants such as Netflix, VMware, and SAP. The report’s revamped ‘Top 10 API Security Threats’ compilation outlines 239 vulnerabilities discovered during the quarter, with injections taking the lead. Injections involve... Read more »

The post Wallarm highlights disturbing trends in API security threats appeared first on Developer Tech News.

State of Java: Resilience amid licensing changes and security concerns

Ryan Daws — Fri, 27 Oct 2023 09:28:10 +0000

Azul has unveiled its first annual State of Java Survey & Report, which offers a deep exploration of the Java landscape. The study – based on responses from over 2,000 Java users worldwide – aims to provide unparalleled insights into Java’s current standing, particularly its influence on enterprises of various sizes. Java’s ubiquity and vital... Read more »

The post State of Java: Resilience amid licensing changes and security concerns appeared first on Developer Tech News.

Sauce Labs exposes some developers’ risky habits

Ryan Daws — Tue, 03 Oct 2023 15:32:51 +0000

A survey by Sauce Labs of 500 US-based developers has put the spotlight on some concerning practices. One alarming discovery was the tendency of developers to push code to production without adequate testing. 67 percent of respondents admitted to this practice, jeopardising software quality, user experience, and system stability. Additionally, 68 percent confessed to merging... Read more »

The post Sauce Labs exposes some developers’ risky habits appeared first on Developer Tech News.

Mathew Payne, GitHub: Protecting code while nurturing user experience

Ryan Daws — Fri, 18 Aug 2023 13:54:35 +0000

Developer caught up with Mathew Payne, Principal Field Security Specialist at GitHub, to discuss the platform’s security strategies and how they aim to strike a balance between robustness and a seamless user experience. At the heart of GitHub’s security philosophy lies a commitment to safeguarding user code. Payne emphasised that a major focus is on... Read more »

The post Mathew Payne, GitHub: Protecting code while nurturing user experience appeared first on Developer Tech News.

Malicious PyPI package discovered in ongoing ‘PaperPin’ campaign

Ryan Daws — Fri, 04 Aug 2023 11:05:45 +0000

In a recent analysis conducted by Sonatype, a malicious Python Package Index (PyPI) package named ‘VMConnect’ was discovered masquerading as the legitimate VMware vSphere connector module ‘vConnector’. The counterfeit package was found to contain sinister code designed to compromise users’ systems. Further investigation revealed an ongoing campaign involving additional packages like “ethter” and “quantiumbase,” all... Read more »

The post Malicious PyPI package discovered in ongoing ‘PaperPin’ campaign appeared first on Developer Tech News.

Apple will require developers to explain their API use

Ryan Daws — Fri, 28 Jul 2023 14:45:07 +0000

In an effort to bolster user privacy and crack down on fingerprinting, Apple has announced that developers will soon be required to provide detailed explanations for their app’s use of certain APIs before submitting them to the App Store. The APIs in question are now classified as “required reason APIs,” meaning developers must articulate the... Read more »

The post Apple will require developers to explain their API use appeared first on Developer Tech News.