Security News

DFRobot Gravity series is a set of professional open-source hardware modules. Till now, the Gravity series has been used by more than 1 million developers worldwide and used in a broad range of applications, like AI, environmental monitoring, IoT, smart homes, etc.

Cybersecurity researchers on Thursday disclosed a new attack wherein threat actors are leveraging Xcode as an attack vector to compromise Apple platform developers with a backdoor, adding to a growing trend that involves targeting developers and researchers with malicious attacks. Dubbed "XcodeSpy," the trojanized Xcode project is a tainted version of a legitimate, open-source project available on GitHub called TabBarInteraction that's used by developers to animate iOS tab bars based on user interaction.

"We recently became aware of a trojanized Xcode project in the wild targeting iOS developers thanks to a tip from an anonymous researcher. The malicious project is a doctored version of a legitimate, open-source project available on GitHub," SentinelOne researchers have warned. The trojanized Xcode project in question is TabBarInteraction, which offers iOS developers features for animating the iOS Tab Bar based on user interaction - though the researchers have been quick to note that the code in the Github project is currently clean, and that the developer is not implicated in any way with the malware operation.

Taliware announced that its identity-management software developer toolkit is now available. By integrating the Taliware SDK with their applications, mobile app developers can use Taliware's patented Biombeat to access ECG-based biometric verification, to enable passwordless, location-based authentication.

Cybercriminals are targeting Apple developers with a trojanized Xcode project, which once launched installs a backdoor that has spying and data exfiltration capabilities. Xcode is comprised of a suite of free, open software development tools developed by Apple for creating software for macOS, iOS, iPadOS, watchOS and tvOS. Thus, any apps built on top of the project automatically include the malicious code.

A recently discovered Mac malware has been used by unknown threat actors to target software developers who use Apple's Xcode integrated development environment. SentinelOne learned about the malware from an anonymous researcher, but the company also spotted XcodeSpy in the wild in late 2020 at an organization in the United States.

IBM announced a series of new and updated capabilities for developers designed to deliver intelligent application analysis throughout the DevOps pipeline, generally available on March 19. To help clients unlock the value of DevOps across the enterprise, and help reduce risk around application modernization, IBM is announcing new IBM Wazi Analyze capabilities to help bring IBM Z into the DevOps pipeline, unlocking uniform, enterprise-wide agile delivery processes and standards with transferable skills for non-Z developers.

Accurics launched a channel program designed for partners who share a developer-first approach to cloud security, in tune with the era of Infrastructure as Code. As new cloud native technologies accelerate innovation, bringing both benefits and risk, the Accurics channel program empowers partner organizations to help clients codify security throughout the development lifecycle, facilitating self-healing cloud native infrastructure and ensuring end-to-end security in all cloud applications.

An official version of the popular 7-zip archiving program has been released for Linux for the first time. Linux already had support for the 7-zip archive file format through a POSIX port called p7zip but it was maintained by a different developer.

Boston-based developer security firm Snyk on Wednesday announced that it has raised $300 million in a Series E funding round that values the company at $4.7 billion. Snyk became a cybersecurity unicorn in January 2020, when it announced raising $150 million in Series C financing.