Security News

10 malicious PyPI packages found stealing developer's credentials
2022-08-09 17:02

Threat analysts have discovered ten malicious Python packages on the PyPI repository, used to infect developer's systems with password-stealing malware. The fake packages used typosquatting to impersonate popular software projects and trick PyPI users into downloading them.

Spyware developer charged by Australian Police after 14,500 sales
2022-08-01 00:30

The report, titled Technology-facilitated abuse: National survey of Australian adults' experiences [PDF], used a sample of 4,562 subjects and found that approximately one in three TFA victimization experiences occurred "In a current or former intimate partner relationship." Australians with a disability, the LGBTQ+ community, and indigenous Australians were more likely to have experienced TFA than other groups. "We have no constraints within the company which precludes anyone from choosing what they want to do and we've had extensive discussions and meetings with the appropriate authorities," said the CEO. Labor rights organization Nascent Information Technology Employees Senate told The Register Parekh's comments were "Misleading."

Find out why developers love Pentest as a Service (PtaaS)
2022-07-27 03:00

Pentest as a Service allows organizations of all sizes to manage an efficient pentest program with on-demand access to expert security talent and a modern SaaS delivery platform. With integrations into security and development tools and real-time collaboration with pentesters, PtaaS enables modern DevSecOps teams to secure their code faster.

PyPI mandates 2FA for critical projects, developer pushes back
2022-07-09 16:31

Although many community members praised the move, the developer of a popular Python project decided to delete his code from PyPI and republish it to invalidate the "Critical" status assigned to his project. We've begun rolling out a 2FA requirement: soon, maintainers of critical projects must have 2FA enabled to publish, update, or modify them.

Why Developers Hate Changing Language Versions
2022-07-08 04:08

If developers don't adopt the new language version, they're excluded from the new feature set. That's the conundrum: to adopt the new, more advanced version of a language developers need to refactor, and along the way they'll spend a huge amount of effort - and break all sorts of unexpected things, introducing new bugs into an application that was running just fine.

Learn Raspberry Pi and Arduino with 9 Online Developer Training Courses
2022-05-31 00:29

Featuring nine full-length video courses, The 2022 Complete Raspberry Pi & Arduino Developer Bundle provides a really good introduction to this world. Special Offer - For a limited time, you can get lifetime access to nine courses on Arduino and Raspberry Pi development for just $39.99.

What is keeping automotive software developers up at night?
2022-05-27 03:30

Perforce Software released the results of its annual State of Automotive Software Development survey conducted in partnership with Automotive IQ. Close to 600 automotive development professionals across the globe provided responses to current practices and emerging trends within the industry. Key findings suggest a growing concern for automotive software security, while the automotive vehicle market continues to rapidly evolve.

GitHub to require 2FA from active developers by the end of 2023
2022-05-04 15:00

GitHub announced today that all users who contribute code on its platform will be required to enable two-factor authentication on their accounts by the end of 2023. Active contributors who will have to enable 2FA include but are not limited to GitHub users who commit code, use Actions, open or merge pull requests, or publish packages.

Google Releases First Developer Preview of Privacy Sandbox on Android 13
2022-05-01 23:06

Google has officially released the first developer preview for the Privacy Sandbox on Android 13, offering an "Early look" at the SDK Runtime and Topics API to boost users' privacy online. "The Privacy Sandbox on Android Developer Preview program will run over the course of 2022, with a beta release planned by the end of the year," the search giant said in an overview.

Developer workflow for software supply-chain security is in high demand
2022-04-26 13:00

Today we're seeing another massive security challenge ahead for developers, where nothing is easy or automatic: software supply-chain security. Lorenc met Chainguard co-founder Kim Lewandowski at Google, and they have both been approaching the software supply chain security problem through a series of open source projects that they co-created and co-maintain.