Security News

Ethereum Developer Jailed 63 Months for Helping North Korea Evade Sanctions
2022-04-14 06:17

A U.S. court has sentenced former Ethereum developer Virgil Griffith to five years and three months in prison and ordered him to pay a $100,000 fine for conspiring with North Korea to help it use cryptocurrencies to circumvent sanctions imposed on the country. "There is no question North Korea poses a national security threat to our nation, and the regime has shown time and again it will stop at nothing to ignore our laws for its own benefit," U.S. Attorney Damian Williams said in a statement.

86% of developers don’t prioritize application security
2022-04-07 05:00

While many developers acknowledge the importance of applying a security-led approach in the software development lifecycle, 86% do not view application security as a top priority when writing code. This is primarily due to time constraints to meet deadlines, or to developers not having enough training or guidance from their managers on how to implement secure coding.

Developers do not view application security as a top priority, study finds
2022-04-06 12:12

According to Secure Code Warrior's State of Developer-Driven Security 2022 survey, 86% of developers said they do not view application security as a top priority when writing code.

42% of developers push vulnerable code once per month
2022-04-06 08:15

Developers remediate only 32% of vulnerabilities and 42% of them regularly push vulnerable code, a Tromzo report reveals. This is due to the high volume of false-positive alerts and their not...

How often do developers push vulnerable code?
2022-04-06 04:30

A Tromzo report reveals developers remediate only 32% of vulnerabilities and regularly push vulnerable code. "These findings show that developers regularly ignore security issues, but can we really blame them?" said Tromzo CTO Harshit Chitalia.

Over 200 Malicious NPM Packages Caught Targeting Azure Developers
2022-03-24 23:27

A new large-scale supply chain attack has been observed targeting Azure developers with no fewer than 218 malicious NPM packages with the goal of stealing personally identifiable information. The entire set of malicious packages was disclosed to the NPM maintainers roughly two days after they were published, leading to their quick removal, but not before each of the packages was downloaded around 50 times on average.

Microsoft Azure developers targeted by 200-plus data-stealing npm packages
2022-03-24 23:26

A group of more than 200 malicious npm packages targeting developers who use Microsoft Azure has been removed two days after they were made available to the public. This group of packages grew from about 50 to at least 200 by March 21.

Microsoft Azure Developers Awash in PII-Stealing npm Packages
2022-03-24 20:21

Researchers have found hundreds of malicious packages in the npm repository of open-source JavaScript code, designed to steal personally identifiable information in a large-scale typosquatting attack against Microsoft Azure cloud users. That's according to the JFrog Security Research team, which said that the set of packages appeared earlier this week and has steadily grown since then, from about 50 packages to more than 200.

Developer Sabotages Open-Source Software Package
2022-03-21 15:22

A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open source software. It constantly surprises non-computer people how much critical software is dependent on the whims of random programmers who inconsistently maintain software libraries.

Attackers have come to love APIs as much as developers
2022-03-17 05:30

Cequence Security released a report revealing that both developers and attackers have made the shift to APIs. After analyzing some of the most interesting bot attacks throughout 2021, it's clear that attackers have come to love APIs just as much as developers.