Security News

The report, Developer Engagement Report: Are Your Developers Happy or Halfway Out The Door?, draws on data from 860 global developers from different backgrounds to identify trends regarding satisfaction and retention of developers, and provide best practices for IT leaders to avoid developer burnout and turnover. "We continue to be amazed by how IT leaders and developers around the globe continue to innovate in the face of challenges. However, with a global talent shortage of over one million developers, IT leaders will not be able to hire their way out of the challenges they face in response to the insatiable appetite for building high-performance, quality software," said Gonçalo Gaiolas, Chief Product Officer of OutSystems.

Open-source software has reached greater levels of security than ever before, but its increased adoption comes with new challenges. In this Help Net Security video, Josep Prat, Open Source Engineering Director at Aiven, illustrates how threat actors see greater use of open-source software as an opportunity, deploying new methods targeting tech professionals and open-source projects.

Professional developers want to do the right thing, but in terms of security, they are rarely set up for success. The 2022 State of Developer-Driven Security Survey in conjunction with Evans Data supports this outlook, with 86% of surveyed developers revealing that they do not view application security as a top priority.

The LockBit ransomware operation has suffered a breach, with an allegedly disgruntled developer leaking the builder for the gang's newest encryptor. After security researcher 3xp0rt shared the tweet about the leaked LockBit 3.0 builder, VX-Underground shared that they were contacted on September 10th by a user named 'protonleaks,' who also shared a copy of the builder.

Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment.

Password management firm LastPass was hacked two weeks ago, allowing threat actors to steal the company's source code and proprietary technical information. After requests for information, LastPass released a security advisory today confirming that the company was breached through a compromised developer account that was used to access the company's developer environment.

A phishing campaign caught yesterday was seen targeting maintainers of Python packages published to the PyPI registry. Python packages 'exotel' and 'spam' are among hundreds seen laced with malware after attackers successfully compromised accounts of maintainers who fell for the phishing email.

A developer says he was able to run his own software on his car infotainment hardware after discovering the vehicle's manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. Turns out the encryption key in that script is the first AES 128-bit CBC example key listed in a NIST document.

Dutch authorities on Friday announced the arrest of a software developer in Amsterdam who is alleged to be working for Tornado Cash, days after the U.S. sanctioned the decentralized crypto mixing service. Although FIOD didn't reveal the name of the Tornado Cash engineer, The Block identified him as Alexey Pertsev, citing confirmation from his wife.

Cloud-based code hosting platform GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to help developers fix security issues in CI/CD workflows. GitHub Actions is a continuous integration and continuous delivery solution that enables users to automate the software build, test, and deployment pipeline.