Security News > 2020 > December

Some 70% of apps are inheriting security flaws from their open-source libraries, but it's important to note that only 30% of apps have more security bugs in their open-source libraries than in code written in-house, suggesting that it isn't solely open-source projects that are to blame. In terms of how bugs are being resolved, Veracode found that 73% of the bugs it found as part of the report were patched, which is a big improvement over previous years, when that number was in the mid-50% range.

A remote team of three hobbyist cryptologists have solved one of the Zodiac Killer's cipher after a half century. The 340 Cipher, named after its 340 characters, was trickier to figure out - until this week, almost 50 years later, when an unlikely team of cryptographers broke the code.

Download numbers from the browser store show that several million people worldwide currently may be using the extensions, researchers said. Avast Threat Intelligence discovered the malware after following up on research by Czech researcher Edvard Rejthar at CZ.NIC, who first identified the threat originating in browser extensions on his system, Avast senior writer Emma McGowan wrote in a blog post published Thursday.

The massive shift to remote work has turbocharged the shadow IT problem. This is driving a resurgence in shadow IT risk, with half of security professionals saying shadow IT is a major problem.

Nation-state hackers have breached the networks of the National Nuclear Security Administration and the US Department of Energy. NNSA is a semi-autonomous government agency responsible for maintaining and securing the US nuclear weapons stockpile.

Nation-state hackers have breached the networks of the National Nuclear Security Administration and the US Department of Energy. NNSA is a semi-autonomous government agency responsible for maintaining and securing the US nuclear weapons stockpile.

The FBI has been tasked with collecting intelligence that can help attribute the attack to a threat actor and disrupt their activities. The agency is also working with victims to obtain information that can be useful to the government and network defenders.

A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. The.NET version of Bouncy Castle alone has been downloaded over 16,000,000 times, speaking to the seriousness of vulnerabilities in Bouncy Castle, a library relied on by developers of mission-critical applications.

A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. The.NET version of Bouncy Castle alone has been downloaded over 16,000,000 times, speaking to the seriousness of vulnerabilities in Bouncy Castle, a library relied on by developers of mission-critical applications.

A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. The.NET version of Bouncy Castle alone has been downloaded over 16,000,000 times, speaking to the seriousness of vulnerabilities in Bouncy Castle, a library relied on by developers of mission-critical applications.