Security News

Two developers, sponsored by Google, will dedicate their time to addressing vulnerabilities in the Linux kernel as part of a wider effort to improve the security of open-source software. Google will sponsor a pair of developers to work full-time on bolstering the security of Linux.

Index Engines released an API-based developer's kit to support the integration of CyberSense software's analytics and reporting into third-party backup and storage platforms. CyberSense can directly index files in backup images, including Dell EMC NetWorker/Avamar, Veritas NetBackup, IBM Spectrum Protect, and Commvault without the need to rehydrate the data.

Microsoft president Brad Smith said the software giant's analysis of the SolarWinds hack suggests the code behind the crack was the work of a thousand or more developers. Speaking on US news magazine program 60 Minutes, Smith labelled the attack "The largest and most sophisticated attack the world has ever seen."

Polish video game maker CD Projekt RED, the company behind The Witcher and Cyberpunk 2077, said Tuesday hackers had stolen data in a "Targeted cyber attack". "An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note," the company said on Twitter.

Web development resources provider SitePoint has notified users of a data breach that resulted in some of their information being stolen. Based in Melbourne, Australia, and established more than two decades ago, SitePoint provides users with access to tutorials and books that can help them learn the basics of web development.

Embedded system software provider Wind River Systems has started informing employees of a data breach that resulted in their personal information being stolen by a third party. Its product portfolio includes the Wind River Linux operating system and the VxWorks real-time operating system.

Dynatrace announced that its Application Security Module now directly links the vulnerabilities it identifies in real time in production and pre-production environments to the Snyk Intel database of open source vulnerabilities to facilitate faster and easier remediation by developers. Dynatrace Application Security, the newest module in Dynatrace's all-in-one Software Intelligence Platform, is optimized for Kubernetes architectures and DevSecOps approaches.

Facebook has filed legal action against two Chrome extension developers that the company said was scraping user profile data - including names and profile IDs - as well as other browser-related information. The two unnamed developers under the business name Oink and Stuff, developed Chrome malicious browser extensions, which actually contained hidden code "That functioned like spyware," alleges Facebook.

Sangoma disclosed a data breach after files were stolen during a recent Conti ransomware attack and published online. Yesterday, the Conti ransomware gang published over 26 GB of data on their ransomware data leak site that was stolen from Sangoma during the recent cyberattack.

The next time you try to download an app from the App Store onto your iPhone or iPad, you may notice a new App Privacy section that seeks to clue you in on certain details. With the release of iOS/iPadOS 14.3 this past Monday, any new or updated app must include a privacy label, otherwise it won't be allowed on the App Store.