Security News

Hackers Breach LastPass Developer System to Steal Source Code
2022-08-26 09:10

Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment.

LastPass developer systems hacked to steal source code
2022-08-25 20:59

Password management firm LastPass was hacked two weeks ago, allowing threat actors to steal the company's source code and proprietary technical information.After requests for information, LastPass released a security advisory today confirming that the company was breached through a compromised developer account that was used to access the company's developer environment.

PyPI packages hijacked after developers fall for phishing emails
2022-08-25 11:18

A phishing campaign caught yesterday was seen targeting maintainers of Python packages published to the PyPI registry. Python packages 'exotel' and 'spam' are among hundreds seen laced with malware after attackers successfully compromised accounts of maintainers who fell for the phishing email.

Software developer cracks Hyundai car security with Google search
2022-08-17 20:19

A developer says he was able to run his own software on his car infotainment hardware after discovering the vehicle's manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. Turns out the encryption key in that script is the first AES 128-bit CBC example key listed in a NIST document.

Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer
2022-08-14 07:11

Dutch authorities on Friday announced the arrest of a software developer in Amsterdam who is alleged to be working for Tornado Cash, days after the U.S. sanctioned the decentralized crypto mixing service. Although FIOD didn't reveal the name of the Tornado Cash engineer, The Block identified him as Alexey Pertsev, citing confirmation from his wife.

GitHub Dependabot Now Alerts Developers On Vulnerable GitHub Actions
2022-08-11 08:22

Cloud-based code hosting platform GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to help developers fix security issues in CI/CD workflows. GitHub Actions is a continuous integration and continuous delivery solution that enables users to automate the software build, test, and deployment pipeline.

10 malicious PyPI packages found stealing developer's credentials
2022-08-09 17:02

Threat analysts have discovered ten malicious Python packages on the PyPI repository, used to infect developer's systems with password-stealing malware. The fake packages used typosquatting to impersonate popular software projects and trick PyPI users into downloading them.

Spyware developer charged by Australian Police after 14,500 sales
2022-08-01 00:30

The report, titled Technology-facilitated abuse: National survey of Australian adults' experiences [PDF], used a sample of 4,562 subjects and found that approximately one in three TFA victimization experiences occurred "In a current or former intimate partner relationship." Australians with a disability, the LGBTQ+ community, and indigenous Australians were more likely to have experienced TFA than other groups. "We have no constraints within the company which precludes anyone from choosing what they want to do and we've had extensive discussions and meetings with the appropriate authorities," said the CEO. Labor rights organization Nascent Information Technology Employees Senate told The Register Parekh's comments were "Misleading."

Find out why developers love Pentest as a Service (PtaaS)
2022-07-27 03:00

Pentest as a Service allows organizations of all sizes to manage an efficient pentest program with on-demand access to expert security talent and a modern SaaS delivery platform. With integrations into security and development tools and real-time collaboration with pentesters, PtaaS enables modern DevSecOps teams to secure their code faster.

PyPI mandates 2FA for critical projects, developer pushes back
2022-07-09 16:31

Although many community members praised the move, the developer of a popular Python project decided to delete his code from PyPI and republish it to invalidate the "Critical" status assigned to his project. We've begun rolling out a 2FA requirement: soon, maintainers of critical projects must have 2FA enabled to publish, update, or modify them.