vulnerability Archives - Developer Tech News

GitHub rotates credentials following vulnerability discovery

Ryan Daws — Wed, 17 Jan 2024 16:58:10 +0000

GitHub has rotated encryption keys following the discovery of a vulnerability that could have enabled threat actors to steal credentials, the company revealed Tuesday. The Microsoft-owned firm said it first became aware of the high-severity security flaw tracked as CVE-2024-0200 on 26 December 2023. After investigating the issue and verifying there was no evidence it... Read more »

The post GitHub rotates credentials following vulnerability discovery appeared first on Developer Tech News.

Huawei AppGallery vulnerability gives away paid apps for free

Ryan Daws — Thu, 19 May 2022 10:52:58 +0000

A vulnerability has been discovered in Huawei’s AppGallery that enables paid apps to be downloaded for free. Huawei claims that AppGallery is now the third-largest app store in the world—serving over 600 million Huawei device users in over 170 countries/regions. Dylan Roussel, an Android developer, wanted to know how Huawei’s APIs worked. He figured out... Read more »

The post Huawei AppGallery vulnerability gives away paid apps for free appeared first on Developer Tech News.

80% of Spring framework downloads are exploitable versions

Ryan Daws — Tue, 05 Apr 2022 11:55:01 +0000

Data from Sonatype suggests that 80 percent of weekly Spring framework downloads are still exploitable versions. Spring is a mighty popular framework—often ranking in the top three most-used Java frameworks. That’s why the Java developer community was shaken when a vulnerability named Spring4Shell (CVE-2022-22965) was leaked by a security researcher ahead of an official CVE... Read more »

The post 80% of Spring framework downloads are exploitable versions appeared first on Developer Tech News.

Spring4Shell vulnerability could have ‘a larger impact’ than Log4j

Ryan Daws — Thu, 31 Mar 2022 07:53:20 +0000

A newly-discovered zero-day vulnerability known as Spring4Shell could have “a larger impact” than Log4j. Log4j made waves in recent months as the vulnerability in the popular open-source logging library enabled attackers to break into systems, steal passwords and logins, extract data, and infect networks with malicious software. However, attention is now shifting to the Spring4Shell... Read more »

The post Spring4Shell vulnerability could have ‘a larger impact’ than Log4j appeared first on Developer Tech News.

Rust vulnerability enables attackers to delete files and directories

Ryan Daws — Mon, 24 Jan 2022 12:00:56 +0000

Maintainers of the Rust programming language have warned of a critical vulnerability that enables attackers to delete files and directories. In a security advisory, the Rust Security Response Working Group wrote: “The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363). An... Read more »

The post Rust vulnerability enables attackers to delete files and directories appeared first on Developer Tech News.

GitHub releases analysis of relations between developers and security researchers

Ryan Daws — Fri, 10 Sep 2021 11:34:51 +0000

Relations between developers and security researchers is critical, but it’s no secret they’re often fraught. GitHub first announced that it was expanding its research to more fully understand the relationship between developer and security research communities in December 2020. The initial analysis, conducted by GitHub Security Lab, has now been released. For its debut analysis,... Read more »

The post GitHub releases analysis of relations between developers and security researchers appeared first on Developer Tech News.